Veracode Vulnerability Database: VERACODE:38473
Dec 14, 2022 - 8:18 a.m.

Improper Authentication

2022-12-14 08:18:38
sca.analysiscenter.veracode.com
improper authentication
vulnerable software
session hijacking
remote attackers

EPSS

0.001

Percentile

37.7%

org.keycloak:keycloak-services is vulnerable to improper authentication. The reuse of session IDs across root and user authentication sessions, together with the lack of root session validation, allows remote attackers to resolve a user session attached to the previously authenticated user in the offline_access scope.
