Description
A flaw was found in Keycloak. Setting the TLS hostname verification policy to 'ALL' unintentionally also skips trust store certificate verification, so the peer certificate is no longer checked against the configured trust store.
Report
Red Hat rates this as Important severity, even though the affected configuration is not recommended, especially in production environments.
Mitigation
Use a correct TLS configuration and do not set "--tls-hostname-verifier=any"; apply the fixed packages listed below.
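The mitigation names the option to avoid but not how to spot it. The following script is an added example, not part of the advisory or of Keycloak itself: it audits a keycloak.conf for the weak value and shows the weak setting beside a corrected one. It assumes the documented mapping of the CLI option --tls-hostname-verifier to the keycloak.conf key tls-hostname-verifier (the same option can also arrive as the KC_TLS_HOSTNAME_VERIFIER environment variable, which the script does not inspect); the certificate and trust store paths in the sample configs are constructed for the example, and the corrected value DEFAULT is an assumption about the current Keycloak default (omitting the key entirely has the same effect).

```shell
#!/bin/sh
# Added example (not the advisory's or Keycloak's own code): detect the weak
# tls-hostname-verifier=any setting in a keycloak.conf.
# Assumption: keycloak.conf uses the key form of the CLI option, i.e.
# tls-hostname-verifier=<value>, and the value is case-insensitive.

# check_hostname_verifier FILE
# Returns 0 when FILE does not set tls-hostname-verifier to any/ANY,
# returns 1 when it does. Comment lines are ignored.
check_hostname_verifier() {
  conf="$1"
  if grep -v '^[[:space:]]*#' "$conf" \
     | grep -iqE '^[[:space:]]*tls-hostname-verifier[[:space:]]*=[[:space:]]*any[[:space:]]*$'; then
    return 1
  fi
  return 0
}

# Constructed sample configurations for demonstration (paths are made up).
weak_conf=$(mktemp)
fixed_conf=$(mktemp)

cat > "$weak_conf" <<'EOF'
# weak: the value the advisory tells you to avoid
https-certificate-file=/etc/keycloak/tls/server.crt
https-certificate-key-file=/etc/keycloak/tls/server.key
truststore-paths=/etc/keycloak/truststore
tls-hostname-verifier=ANY
EOF

cat > "$fixed_conf" <<'EOF'
# corrected: keep hostname verification on and trust only the configured store
# (DEFAULT is assumed to be the Keycloak default; dropping the line is equivalent)
https-certificate-file=/etc/keycloak/tls/server.crt
https-certificate-key-file=/etc/keycloak/tls/server.key
truststore-paths=/etc/keycloak/truststore
tls-hostname-verifier=DEFAULT
EOF

for f in "$weak_conf" "$fixed_conf"; do
  if check_hostname_verifier "$f"; then
    echo "$f: ok, hostname verifier not set to any"
  else
    echo "$f: WEAK, tls-hostname-verifier=any is set"
  fi
done
```

The same check belongs in a deployment pipeline next to whatever renders the Keycloak start command, since the option can also be passed on the command line as --tls-hostname-verifier=any or through the KC_TLS_HOSTNAME_VERIFIER environment variable; grep those sources the same way.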
Affected packages
Platform | Package | State | Advisory | Released (DD.MM.YYYY) |
---|---|---|---|---|
Red Hat Single Sign-On 7 | keycloak | Not affected | | |
Red Hat Build of Keycloak | keycloak | Fixed | RHSA-2025:4336 | 29.04.2025 |
Red Hat build of Keycloak 26 | | Fixed | RHSA-2025:8690 | 09.06.2025 |
Red Hat build of Keycloak 26.0 | rhbk/keycloak-operator-bundle | Fixed | RHSA-2025:4335 | 29.04.2025 |
Red Hat build of Keycloak 26.0 | rhbk/keycloak-rhel9 | Fixed | RHSA-2025:4335 | 29.04.2025 |
Red Hat build of Keycloak 26.0 | rhbk/keycloak-rhel9-operator | Fixed | RHSA-2025:4335 | 29.04.2025 |
Red Hat build of Keycloak 26.2 | rhbk/keycloak-operator-bundle | Fixed | RHSA-2025:8672 | 09.06.2025 |
Red Hat build of Keycloak 26.2 | rhbk/keycloak-rhel9 | Fixed | RHSA-2025:8672 | 09.06.2025 |
Red Hat build of Keycloak 26.2 | rhbk/keycloak-rhel9-operator | Fixed | RHSA-2025:8672 | 09.06.2025 |
Additional information
Severity: Important
Weakness: CWE-297 (Improper Validation of Certificate with Host Mismatch)
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2358834
Bug title: org.keycloak.protocol.services: Keycloak hostname verification
CVSS3: 8.2 High
Related entries
- nvd: CVSS3 8.2, published 5 months ago, same description as above.
- debian: CVSS3 8.2, published 5 months ago, same description as above.