Vulnerability Description
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:6878
- https://access.redhat.com/errata/RHSA-2024:6879
- https://access.redhat.com/errata/RHSA-2024:6880
- https://access.redhat.com/errata/RHSA-2024:6882
- https://access.redhat.com/errata/RHSA-2024:6886
- https://access.redhat.com/errata/RHSA-2024:6887
- https://access.redhat.com/errata/RHSA-2024:6888
- https://access.redhat.com/errata/RHSA-2024:6889
- https://access.redhat.com/errata/RHSA-2024:6890
- https://access.redhat.com/errata/RHSA-2024:8823
- https://access.redhat.com/errata/RHSA-2024:8824
- https://access.redhat.com/errata/RHSA-2024:8826
- https://access.redhat.com/security/cve/CVE-2024-8698
- https://bugzilla.redhat.com/show_bug.cgi?id=2311641
FAQ
What is CVE-2024-8698?
CVE-2024-8698 is a vulnerability with a CVSS score of 7.7 (HIGH). A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specif...
How severe is CVE-2024-8698?
CVE-2024-8698 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-8698?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.