(RHSA-2024:6499) Moderate: Red Hat Single Sign-On 7.6.10 security update

2024-09-0915:37:10

access.redhat.com

red hat single sign-on

keycloak project

bug fixes

enhancements

brute force protection

elytron saml adapters

ldap bind credentials

cve pageinfo

authentication

single sign-on

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

JSON

<< AUTOMATICALLY GENERATED, EDIT PLEASE >>
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.10 serves as a replacement for Red Hat Single Sign-On 7.6.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

potential bypass of brute force protection (CVE-2024-4629)
session fixation in elytron saml adapters (CVE-2024-7341)
Leak of configured LDAP bind credentials through the Keycloak admin console (CVE-2024-5967)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.