VDB
EN
HIGH 7.7

GHSA-794g-x443-36f7

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions

상세

Keycloak's SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response, injecting an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Maven / org.keycloak:keycloak-services
최초 영향 버전: 0

No fixed version published yet for org.keycloak:keycloak-services (maven). Pin to a known-safe version or switch to an alternative.

Maven / org.keycloak:keycloak-services
최초 영향 버전: 26.3.0

No fixed version published yet for org.keycloak:keycloak-services (maven). Pin to a known-safe version or switch to an alternative.

Maven / org.keycloak:keycloak-services
최초 영향 버전: 26.5.0

No fixed version published yet for org.keycloak:keycloak-services (maven). Pin to a known-safe version or switch to an alternative.

참고