Описание
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
Отчет
The issue is rated as important severity. A flaw in Red Hat Build of Keycloak's SAML broker endpoint allows unauthorized access. When the overall SAML response is not signed, an attacker with a valid signed SAML assertion can craft a malicious response to inject an encrypted assertion for an arbitrary principal. This leads to unauthorized access and potential information disclosure.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Дополнительная информация
Статус:
EPSS
7.7 High
CVSS3
Связанные уязвимости
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Lan ...
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
EPSS
7.7 High
CVSS3