(RHSA-2024:3566) Low: Red Hat Single Sign-On 7.6.9 security update on RHEL 7

2024-06-0319:44:17

access.redhat.com

red hat single sign-on

rhel 7

security update

bug fixes

keycloak project

authentication

single sign-on

pushed authorization requests

cve-2024-4540

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

Percentile

13.0%

JSON

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.9 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

exposure of sensitive information in Pushed Authorization Requests (PAR)
KC_RESTART cookie (CVE-2024-4540)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchrh-sso7-keycloak< 18.0.14-1.redhat_00001.1.el7ssorh-sso7-keycloak-18.0.14-1.redhat_00001.1.el7sso.noarch.rpm
RedHat7noarchrh-sso7-keycloak-server< 18.0.14-1.redhat_00001.1.el7ssorh-sso7-keycloak-server-18.0.14-1.redhat_00001.1.el7sso.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	noarch	rh-sso7-keycloak	< 18.0.14-1.redhat_00001.1.el7sso	rh-sso7-keycloak-18.0.14-1.redhat_00001.1.el7sso.noarch.rpm
RedHat	7	noarch	rh-sso7-keycloak-server	< 18.0.14-1.redhat_00001.1.el7sso	rh-sso7-keycloak-server-18.0.14-1.redhat_00001.1.el7sso.noarch.rpm