admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-73xx/CVE-2024-7341.json
cad-safe-bot a3043036d0 Auto-Update: 2025-01-12T03:00:19.531309+00:00
2025-01-12 03:03:49 +00:00

250 lines
7.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-7341",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-09-09T19:15:14.450",
"lastModified": "2024-10-04T12:48:43.523",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de fijaci\u00f3n de sesi\u00f3n en los adaptadores SAML proporcionados por Keycloak. El ID de sesi\u00f3n y la cookie JSESSIONID no se modifican en el momento de iniciar sesi\u00f3n, incluso cuando est\u00e1 configurada la opci\u00f3n turnOffChangeSessionIdOnLogin. Esta falla permite que un atacante que secuestra la sesi\u00f3n actual antes de la autenticaci\u00f3n active la fijaci\u00f3n de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.0.2",
"matchCriteriaId": "9DF1E078-5CC4-42CE-BE81-27A8B47D4616"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.6",
"versionEndExcluding": "7.6.10",
"matchCriteriaId": "92BC930F-97E8-4FA9-80C5-3A8DB327990B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.0",
"versionEndExcluding": "22.0.12",
"matchCriteriaId": "62171FB0-B5A2-4127-90AE-46F8630FDF2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*",
"versionStartIncluding": "24.0",
"versionEndExcluding": "24.0.7",
"matchCriteriaId": "5BEDEAB7-7C93-4274-8696-3A8EDCF87043"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "341E6313-20D5-44CB-9719-B20585DC5AD6"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:6493",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6494",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6495",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6497",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6499",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6500",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6501",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6502",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6503",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-7341",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064",
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink