Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-0560

Опубликовано: 28 фев. 2024
Источник: redhat
CVSS3: 6.3

Описание

A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.

Отчет

Red Hat considers this as a Moderate flaw, as 3Scale will allow revoked or expired tokens, however, it will not allow tokens belonging to an unauthorized client. A client cannot access the services to which it is not subscribed because the authrep request is still performed correctly and will reject the client_id extracted from the JWT. This requires the attacker to obtain a token and could jeopardize a small and uncontrolled amount of data.

Меры по смягчению последствий

Use an alternate auth_type: auth_type: client_id+client_secret. Disabling the policy entirely might be a temporary solution if the alternate {{auth_type is not feasible for some reason. The only purpose the token introspection endpoint serves is for sessions that are revoked in RH SSO before the standard TTL expires via the exp claim.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat 3scale API Management Platform 2apicastWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-280
https://bugzilla.redhat.com/show_bug.cgi?id=2258456apicast: use_3scale_oidc_issuer_endpoint of Token Introspection policy isn't compatible with RH-SSO 7.5 or later versions

6.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-0560

CVSS3: 6.3
nvd
почти 2 года назад

A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.

github логотип

GHSA-qc2p-p8wc-jp2h

CVSS3: 6.3
github
почти 2 года назад

A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.

fstec логотип

BDU:2024-02702

CVSS3: 6.3
fstec
почти 2 года назад

Уязвимость программного средства управления API-интерфейсами Red Hat 3scale API Management, связанная с некорректной обработкой недостаточных разрешений или привилегий, позволяющая нарушителю выполнить произвольный код

6.3 Medium

CVSS3