Executive Summary
Summary | |
---|---|
Title | Red Hat Single Sign-On 7.3.3 security update |
Informations | |||
---|---|---|---|
Name | RHSA-2019:2483 | First vendor Publication | 2019-08-13 |
Vendor | RedHat | Last vendor Modification | 2019-08-13 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.3 serves as a replacement for Red Hat Single Sign-On 7.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes, linked to in the References section. Security Fix(es): * keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201) * keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation 1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console 5. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-10286 - (7.3.z) Change to new Red Hat logo in RH-SSO admin UI KEYCLOAK-10398 - (7.3.z) Update Red Hat logo in RH-SSO documentation |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2019-2483.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
50 % | CWE-347 | Improper Verification of Cryptographic Signature |
CPE : Common Platform Enumeration
Alert History
Date | Informations |
---|---|
2020-03-19 13:18:59 |
|