Commit

Merge pull request #5106 from Chetven/Chetven-GHSA-xgfv-xpx8-qhcr
advisory-database[bot] authored Dec 20, 2024
2 parents a26e490 + 07823e7 commit dc97b16
Showing 1 changed file with 4 additions and 2 deletions.
Expand Up @@ -3,7 +3,9 @@
"id": "GHSA-xgfv-xpx8-qhcr",
"modified": "2024-10-14T20:54:52Z",
"published": "2024-10-14T20:54:52Z",
"aliases": [],
"aliases": [
"CVE-2024-8698"
],
"summary": "Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak",
"details": "A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.",
"severity": [
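Review bot: "modified" in the context lines above the new "aliases" entry still reads 2024-10-14T20:54:52Z, identical to "published", even though this change alters the record's content. If that timestamp is not rewritten by tooling on merge, bump it in this change so that consumers who sync on "modified" pick up the added CVE-2024-8698 alias.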
Expand Down Expand Up @@ -99,4 +101,4 @@
"github_reviewed_at": "2024-10-14T20:54:52Z",
"nvd_published_at": null
}
}
}
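Review bot: the final "}" in this hunk is swapped for a line that reads identically, so the difference can only be whitespace or the end-of-file newline. Confirm that this is intended and not editor noise unrelated to adding the alias. Separately, "nvd_published_at" is left as null in the context lines while the record now carries a CVE alias; check whether that field should be populated here or is filled in by automation.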
