CWE
79 22 918
Advisory Published
Advisory Published

RHSA-2023:1044: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8

First published: Wed Mar 01 2023(Updated: )

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.<br>This release of Red Hat Single Sign-On 7.6.2 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)</li> <li> Moment.js: Path traversal in moment.locale (CVE-2022-24785)</li> <li> keycloak: missing email notification template allowlist (CVE-2022-1274)</li> <li> keycloak: minimist: prototype pollution (CVE-2021-44906)</li> <li> moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)</li> <li> undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)</li> <li> snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)</li> <li> loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)</li> <li> keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)</li> <li> keycloak: path traversal via double URL encoding (CVE-2022-3782)</li> <li> snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)</li> <li> snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)</li> <li> snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)</li> <li> keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)</li> <li> keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)</li> <li> json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)</li> <li> keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)</li> <li> snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)</li> <li> CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)</li> <li> rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)</li> <li> jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)</li> <li> sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)</li> <li> jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)</li> <li> jettison: parser crash by stackoverflow (CVE-2022-40149)</li> <li> jackson-databind: use of deeply nested arrays (CVE-2022-42004)</li> <li> jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)</li> <li> jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)</li> <li> jquery: Passing HTML containing &lt;option&gt; elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)</li> <li> bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)</li> <li> jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)</li> <li> CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)</li> <li> keycloak: reflected XSS attack (CVE-2022-4137)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Affected SoftwareAffected VersionHow to fix
redhat/rh-sso7-keycloak<18.0.6-1.redhat_00001.1.el8
18.0.6-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak-server<18.0.6-1.redhat_00001.1.el8
18.0.6-1.redhat_00001.1.el8

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203