CVE-2024-8698 | AttackerKB

Description

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

OS

Unknown

Vulnerable Versions

Red Hat Build of Keycloak not down converted

Red Hat Build of Keycloak not down converted

Red Hat Build of Keycloak not down converted

Red Hat build of Keycloak 22 not down converted

Red Hat build of Keycloak 22 not down converted

Red Hat build of Keycloak 22 not down converted

Red Hat build of Keycloak 24 not down converted

Red Hat build of Keycloak 24 not down converted

Red Hat build of Keycloak 24 not down converted

Red Hat JBoss Enterprise Application Platform 8 not down converted

Red Hat JBoss Enterprise Application Platform 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 not down converted

Red Hat Single Sign-On 7 not down converted

Red Hat Single Sign-On 7 not down converted

Red Hat Single Sign-On 7.6 for RHEL 7 not down converted

Red Hat Single Sign-On 7.6 for RHEL 8 not down converted

Red Hat Single Sign-On 7.6 for RHEL 9 not down converted

RHEL-8 based Middleware Containers not down converted

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Red Hat

Products

References

Canonical

CVE-2024-8698 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8698)

Miscellaneous

https://access.redhat.com/errata/RHSA-2024:6878

https://access.redhat.com/errata/RHSA-2024:6879

https://access.redhat.com/errata/RHSA-2024:6880

https://access.redhat.com/errata/RHSA-2024:6882

https://access.redhat.com/errata/RHSA-2024:6886

https://access.redhat.com/errata/RHSA-2024:6887

https://access.redhat.com/errata/RHSA-2024:6888

https://access.redhat.com/errata/RHSA-2024:6889

https://access.redhat.com/errata/RHSA-2024:6890

https://access.redhat.com/security/cve/CVE-2024-8698

https://bugzilla.redhat.com/show_bug.cgi?id=2311641

https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415

https://access.redhat.com/errata/RHSA-2024:8823

https://access.redhat.com/errata/RHSA-2024:8824

https://access.redhat.com/errata/RHSA-2024:8826

Rapid7

Technical Analysis