Home > Vulnerability Database > CVE-2024-8698

Mend.io Vulnerability Database

CVE-2024-8698

Good to know:

Date: September 19, 2024

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.

Severity Score

7.7

Related Resources (20)

Url: https://access.redhat.com/errata/RHSA-2024:6880

Url: https://github.com/keycloak/keycloak/releases/tag/25.0.6

Url: https://access.redhat.com/errata/RHSA-2024:6890

Url: https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8698

Url: https://access.redhat.com/errata/RHSA-2024:6882

Url: https://access.redhat.com/security/cve/CVE-2024-8698

Url: https://access.redhat.com/errata/RHSA-2024:6878

Url: https://access.redhat.com/errata/RHSA-2024:6889

Url: https://access.redhat.com/errata/RHSA-2024:8826

Url: https://access.redhat.com/errata/RHSA-2024:6888

Url: https://access.redhat.com/errata/RHSA-2024:6887

Url: https://github.com/keycloak/keycloak/security/advisories/GHSA-xgfv-xpx8-qhcr

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2311641

Url: https://access.redhat.com/errata/RHSA-2024:6886

Url: https://access.redhat.com/errata/RHSA-2024:8823

Url: https://github.com/keycloak/keycloak

Url: https://access.redhat.com/errata/RHSA-2024:8824

Url: https://access.redhat.com/errata/RHSA-2024:6879

Url: https://www.mend.io/vulnerability-database/CVE-2024-8698

Severity Score

7.7

Weakness Type (CWE)

Improper Verification of Cryptographic Signature

CWE-347

Top Fix

Upgrade Version

Upgrade to version org.keycloak:keycloak-saml-core:25.0.6

Learn More

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8698

Good to know:

Date: September 19, 2024

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?