
Security: Information disclosure in Red Hat build of Keycloak 22.0.11
Name: Information disclosure in Red Hat build of Keycloak 22.0.11
ID: RHSA-2024:3574
Distribution: Red Hat
Platforms: Red Hat Build of Keycloak
Date: Tue, June 4, 2024, 09:05
References: https://bugzilla.redhat.com/show_bug.cgi?id=2279303
https://access.redhat.com/security/cve/CVE-2024-4540
https://access.redhat.com/errata/RHSA-2024:3574
Applications: Red Hat build of Keycloak 22.0.11

Original message

New Red Hat build of Keycloak 22.0.11 packages are available from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of
Low. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Red Hat build of Keycloak 22.0.11 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.

This release of Red Hat build of Keycloak 22.0.11 serves as a replacement for
Red Hat Single Sign-On 7.6, and includes bug fixes and enhancements, which are
documented in the Release Notes document linked to in the References.

Security Fix(es):
* exposure of sensitive information in Pushed Authorization Requests (PAR)
KC_RESTART cookie (CVE-2024-4540)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-4540: Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)