CVE-2017-7474
First published: Tue Apr 25 2017(Updated: )
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/keycloak | <3.1.0 | 3.1.0 |
| Keycloak Keycloak-nodejs-auth-utils | =2.5.0 | |
| Keycloak Keycloak-nodejs-auth-utils | =2.5.0-cr1 | |
| Keycloak Keycloak-nodejs-auth-utils | =2.5.1 | |
| Keycloak Keycloak-nodejs-auth-utils | =2.5.2 | |
| Keycloak Keycloak-nodejs-auth-utils | =2.5.3 | |
| Keycloak Keycloak-nodejs-auth-utils | =2.5.4 | |
| Keycloak Keycloak-nodejs-auth-utils | =2.5.5 | |
| Keycloak Keycloak-nodejs-auth-utils | =2.5.6 | |
| Keycloak Keycloak-nodejs-auth-utils | =2.5.7 | |
| Keycloak Keycloak-nodejs-auth-utils | =3.0.0 | |
| Keycloak Keycloak-nodejs-auth-utils | =3.0.0-cr1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2017-7474
- https://bugzilla.redhat.com/show_bug.cgi?id=1445271
- http://rhn.redhat.com/errata/RHSA-2017-1203.html
- https://github.com/advisories/GHSA-mw35-24gh-f82w (Advisory)
- https://issues.jboss.org/browse/KEYCLOAK-4771
- https://github.com/keycloak/keycloak-nodejs-auth-utils/pull/49
- https://access.redhat.com/errata/RHSA-2017:1203
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/github-advisory
- alias/GHSA-mw35-24gh-f82w
- alias/CVE-2017-7474
- collector/github-advisory-latest
- collector/nvd-cve
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- package-manager/npm
- vendor/keycloak
- canonical/keycloak keycloak-nodejs-auth-utils
- version/keycloak keycloak-nodejs-auth-utils/2.5.0
- version/keycloak keycloak-nodejs-auth-utils/2.5.0-cr1
- version/keycloak keycloak-nodejs-auth-utils/2.5.1
- version/keycloak keycloak-nodejs-auth-utils/2.5.2
- version/keycloak keycloak-nodejs-auth-utils/2.5.3
- version/keycloak keycloak-nodejs-auth-utils/2.5.4
- version/keycloak keycloak-nodejs-auth-utils/2.5.5
- version/keycloak keycloak-nodejs-auth-utils/2.5.6
- version/keycloak keycloak-nodejs-auth-utils/2.5.7
- version/keycloak keycloak-nodejs-auth-utils/3.0.0
- version/keycloak keycloak-nodejs-auth-utils/3.0.0-cr1
- package-manager/redhat