Описание
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
A flaw was found in Keycloak. The Red Hat Single Sign-On allowed authed users to perform actions outside their permissions. This flaw makes adding users to the master realm possible even though no respective permission was granted.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | keycloak | Not affected | ||
| Red Hat Fuse 7 | keycloak | Not affected | ||
| Red Hat Integration Camel K 1 | keycloak | Not affected | ||
| Red Hat Process Automation 7 | keycloak | Not affected | ||
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Not affected | ||
| Red Hat support for Spring Boot | keycloak | Not affected | ||
| RHSSO 7.5.1 | Fixed | RHSA-2022:0449 | 07.02.2022 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
6.5 Medium
CVSS3