Keycloak Security Update Advisory (CVE-2024-8698)

Sep 24 2024

Overview

An update has been released to address vulnerabilities in Keycloak. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-8698

Keycloak versions: ~ 25.0.6 (excluded)

Resolved Vulnerabilities

A flaw in the SAML signature validation method within the Keycloak XMLSignatureUtil class could allow an attacker to craft a crafted response that could bypass validation, leading to privilege escalation or impersonation attacks (CVE-2024-8698)

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-8698

Keycloak version: 25.0.6

References

[1] CVE-2024-8698 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-8698

[2] Keycloak SAML signature validation flaw

https://github.com/advisories/GHSA-4xx7-2cx3-x473

Keycloak Security Update Advisory (CVE-2024-8698)

Ivanti Product Security Update Advisory (CVE-2024-8963)

llama.cpp Security Update Advisory (CVE-2024-42479)

Tags:

Ivanti Product Security Update Advisory (CVE-2024-8963)

llama.cpp Security Update Advisory (CVE-2024-42479)