drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in Keycloak
Name: |
Mangelnde Rechteprüfung in Keycloak |
|
ID: |
RHSA-2021:5219-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Single Sign-On |
|
Datum: |
Mo, 20. Dezember 2021, 22:27 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2021-4133 |
|
Applikationen: |
Keycloak |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat Single Sign-On security update on RHEL 8 Advisory ID: RHSA-2021:5219-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2021:5219 Issue date: 2021-12-20 CVE Names: CVE-2021-4133 =====================================================================
1. Summary:
A security update is now available for Red Hat Single Sign-On 7.5 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Single Sign-On 7.4 for RHEL 8 - noarch
3. Description:
Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This is an asynchronous patch for Red Hat Single Sign-On 7.5, and includes one security fix.
Security Fix:
* keycloak: Incorrect authorization allows unpriviledged users to create other users (CVE-2021-4133)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2033602 - CVE-2021-4133 Keycloak: Incorrect authorization allows unpriviledged users to create other users
6. Package List:
Red Hat Single Sign-On 7.4 for RHEL 8:
Source: rh-sso7-keycloak-15.0.2-3.redhat_00002.1.el8sso.src.rpm
noarch: rh-sso7-keycloak-15.0.2-3.redhat_00002.1.el8sso.noarch.rpm rh-sso7-keycloak-server-15.0.2-3.redhat_00002.1.el8sso.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-4133 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYcDdsdzjgjWX9erEAQjCjA/+KIlIiMbC0ZFeoMKgl1YChugum1oQWWIc Nym8fZN9rU6k0Py/Xp8tTHKpFo0rF1IhgnzvkmaU3VeIHL2yxxpoSjzKpZKy+pgV 7+W2850a5ygG6egZtige+RB6mpWZlyEuaXr2SBhX3f2CXgG42vIqu5jeKqn6kyBG Zt6F+EG/i2ABmNuAOeL5Rpvb4ihEIlqsTcaYsQb4HtM7ozBoxXQB4LE1HS9KQZWh 5eMlpnRauWklAIIE2X72Vt7gjjbatmxmi/BHNeWige7iKtsHZzIAyoZOJ8TRgK2k EqdtRVmcRKRwu64wa6aL1ry8BXbyIs0jgRTwNx09tqHwWjtJkr9w+C/bvNhQXaMU Gz4oRws8kgQcMiCAkM9eAam8PnuD84b0EPvZI4YwLi9/PZ6P4/1Oz4+imas7uP67 G1QRKhjjxdXgwqrH8rv8FdTtIkNrPpUG0Ebxz/fTpshVkzIKxU19oOIs9T3G3shF FVNQBUSaffk6fKIX66cfoIiz6FNjCzPjTRqkPAhIzekISvZE+jt6UOD34aJqp9ku cMhp3LbK2uAYOkKlHWe6RNIhYDnliCNyP8K/dNNtgeW7sgSp7BnJ/5QPuzgkkr26 l9xiPN6W/h2vAVNwYImYSUSQ5Wi/pT9+VYTd9kOgZxkylLalvQYhwPT7KAfAN3lO /CI0iyhfwR0= =RdiR -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|