Security: Two issues in Keycloak
| Name: | Two issues in Keycloak |
| ID: | RHSA-2025:2545 |
| Distribution: | Red Hat |
| Platforms: | Red Hat Build of Keycloak |
| Date: | Mon, 10 March 2025, 22:01 |
| References: | https://bugzilla.redhat.com/show_bug.cgi?id=2338993, https://access.redhat.com/security/cve/CVE-2025-1391, https://access.redhat.com/errata/RHSA-2025:2545, https://access.redhat.com/security/cve/CVE-2025-0604, https://bugzilla.redhat.com/show_bug.cgi?id=2346082 |
| Applications: | Keycloak |

Original message
New Red Hat build of Keycloak 26.0.10 packages are available from the Customer Portal
Red Hat build of Keycloak 26.0.10 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security fixes:
* Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak (CVE-2025-0604)
* Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims (CVE-2025-1391)
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2025-0604: Improper Authentication (CWE-287)
CVE-2025-1391: Improper Access Control (CWE-284)