CVE-2024-7341

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:6493	Mailing List
https://access.redhat.com/errata/RHSA-2024:6494	Mailing List
https://access.redhat.com/errata/RHSA-2024:6495	Mailing List
https://access.redhat.com/errata/RHSA-2024:6497	Mailing List
https://access.redhat.com/errata/RHSA-2024:6499	Mailing List
https://access.redhat.com/errata/RHSA-2024:6500	Mailing List
https://access.redhat.com/errata/RHSA-2024:6501	Mailing List
https://access.redhat.com/errata/RHSA-2024:6502	Mailing List
https://access.redhat.com/errata/RHSA-2024:6503	Mailing List
https://access.redhat.com/security/cve/CVE-2024-7341	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2302064	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:redhat:build_of_keycloak::::::::
	cpe:2.3:a:redhat:build_of_keycloak::::::::

Configuration 4 (hide)

cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*

History

No history.

Information

Published : 2024-09-09 19:15

Updated : 2024-10-04 12:48

NVD link : CVE-2024-7341

Mitre link : CVE-2024-7341

CVE.ORG link : CVE-2024-7341

JSON object : View

Products Affected

redhat

enterprise_linux
single_sign-on
keycloak
build_of_keycloak

CWE

CWE-384

Session Fixation

{"id": "CVE-2024-7341", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-09-09T19:15:14.450", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:6493", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6494", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6495", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6497", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6499", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6500", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6501", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6502", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:6503", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-7341", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de fijaci\u00f3n de sesi\u00f3n en los adaptadores SAML proporcionados por Keycloak. El ID de sesi\u00f3n y la cookie JSESSIONID no se modifican en el momento de iniciar sesi\u00f3n, incluso cuando est\u00e1 configurada la opci\u00f3n turnOffChangeSessionIdOnLogin. Esta falla permite que un atacante que secuestra la sesi\u00f3n actual antes de la autenticaci\u00f3n active la fijaci\u00f3n de sesi\u00f3n."}], "lastModified": "2024-10-04T12:48:43.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DF1E078-5CC4-42CE-BE81-27A8B47D4616", "versionEndIncluding": "25.0.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92BC930F-97E8-4FA9-80C5-3A8DB327990B", "versionEndExcluding": "7.6.10", "versionStartIncluding": "7.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62171FB0-B5A2-4127-90AE-46F8630FDF2C", "versionEndExcluding": "22.0.12", "versionStartIncluding": "22.0"}, {"criteria": "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BEDEAB7-7C93-4274-8696-3A8EDCF87043", "versionEndExcluding": "24.0.7", "versionStartIncluding": "24.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*", "vulnerable": true, "matchCriteriaId": "341E6313-20D5-44CB-9719-B20585DC5AD6"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}