Red Hat Product Errata RHSA-2024:6503 - Security Advisory
Issued:
2024-09-09
Updated:
2024-09-09

RHSA-2024:6503 - Security Advisory

Synopsis

Moderate: Red Hat build of Keycloak 24.0.7 Update

Type/Severity

Security Advisory: Moderate

Topic

New Red Hat build of Keycloak 24.0.7 packages are available from the Customer Portal

Description

Red Hat build of Keycloak 24.0.7 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

Security fixes:

  • session fixation in elytron saml adapters (CVE-2024-7341)
  • One Time Passcode (OTP) is valid longer than expiration timeSeverity (CVE-2024-7318)
  • Open Redirect on Account page (CVE-2024-7260)

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Affected Products

  • Red Hat build of Keycloak Text-only Advisories x86_64

Fixes

  • BZ - 2301875 - CVE-2024-7260 keycloak-core: Open Redirect on Account page
  • BZ - 2301876 - CVE-2024-7318 keycloak-core: One Time Passcode (OTP) is valid longer than expiration timeSeverity
  • BZ - 2302064 - CVE-2024-7341 wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.