Commit

Adding CVE as alias
Chetven committed Dec 20, 2024
1 parent aef7ebc commit 07823e7
Showing 1 changed file with 4 additions and 2 deletions.
Expand Up @@ -3,7 +3,9 @@
"id": "GHSA-xgfv-xpx8-qhcr",
"modified": "2024-10-14T20:54:52Z",
"published": "2024-10-14T20:54:52Z",
"aliases": [],
"aliases": [
"CVE-2024-8698"
],
"summary": "Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak",
"details": "A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.",
"severity": [
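Review bot: "modified" is left at "2024-10-14T20:54:52Z" in the context lines directly above the new "aliases" entry, so the record changes without its modification timestamp moving. Consumers that sync advisories incrementally by "modified" would not pick up the CVE-2024-8698 alias. If this field is not rewritten automatically on merge, bump it in the same commit. Also worth confirming in the commit message or PR description where the GHSA-xgfv-xpx8-qhcr to CVE-2024-8698 mapping comes from, since the message "Adding CVE as alias" gives no source for it.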
Expand Down Expand Up @@ -99,4 +101,4 @@
"github_reviewed_at": "2024-10-14T20:54:52Z",
"nvd_published_at": null
}
}
}
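Review bot: The final `}` is removed and re-added with no visible difference, which points to a whitespace or end-of-file newline change unrelated to the alias. If it is an editor side effect, drop it so the commit touches only "aliases"; if it is a deliberate trailing-newline fix, say so in the commit message. Separately, "nvd_published_at" stays null in the context lines above even though the record now carries a CVE alias, so check whether that field should be populated alongside this change.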
