Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2024-7341
HistorySep 09, 2024 - 2:12 p.m.

CVE-2024-7341

2024-09-0914:12:08
redhat.com
access.redhat.com
7
cve-2024-7341
keycloak
saml adapters
session fixation

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0

Percentile

13.7%

JSON

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Related

osv 2
cve 1
cvelist 1
github 1
vulnrichment 1
nvd 1
redhat 9
nessus 3
osv
osv
CGA-9737-qqj4-9xjc
2024-09-10 15:05:06
Keycloak Session Fixation vulnerability
2024-09-09 21:31:22
cve
cve
CVE-2024-7341
2024-09-09 19:15:14
cvelist
cvelist
CVE-2024-7341 Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
2024-09-09 18:51:13
github
github
Keycloak Session Fixation vulnerability
2024-09-09 21:31:22
vulnrichment
vulnrichment
CVE-2024-7341 Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
2024-09-09 18:51:13
nvd
nvd
CVE-2024-7341
2024-09-09 19:15:14
redhat
redhat
(RHSA-2024:6495) Moderate: Red Hat Single Sign-On 7.6.10 security update on RHEL 9
2024-09-09 15:27:35
(RHSA-2024:6503) Moderate: Red Hat build of Keycloak 24.0.7 Update
2024-09-09 15:45:07
(RHSA-2024:6500) Moderate: Red Hat build of Keycloak 22.0.12 Images Update
2024-09-09 15:41:41
nessus
nessus
RHEL 9 : Red Hat Single Sign-On 7.6.10 security update on RHEL 9 (Moderate) (RHSA-2024:6495)
2024-09-09 00:00:00
RHEL 7 : Red Hat Single Sign-On 7.6.10 security update on RHEL 7 (Moderate) (RHSA-2024:6493)
2024-09-09 00:00:00
RHEL 8 : Red Hat Single Sign-On 7.6.10 security update on RHEL 8 (Moderate) (RHSA-2024:6494)
2024-09-09 00:00:00

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0

Percentile

13.7%

JSON
Related for RH:CVE-2024-7341
osv2cve1cvelist1github1vulnrichment1nvd1redhat9nessus3