目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2024-1249— Red Hat Keycloak 安全漏洞

CVSS 7.4 · High EPSS 0.45% · P36

影响版本矩阵 42

厂商产品版本范围状态
NoneNone21.1.0< 22.0.10affected
23.0.0< 24.0.3affected
Red HatMigration Toolkit for Applications 6全部affected
Red HatMigration Toolkit for Applications 7全部unaffected
Red HatRed Hat AMQ Broker 7全部unaffected
Red HatRed Hat build of Apicurio Registry 2全部affected
Red HatRed Hat build of Keycloak 2222.0.10-1< *unaffected
22-13< *unaffected
22-16< *unaffected
Red HatRed Hat build of Keycloak 22.0.10全部unaffected
Red HatRed Hat Data Grid 8全部unaffected
Red HatRed Hat Decision Manager 7全部affected
Red HatRed Hat Developer Hub全部unaffected
Red HatRed Hat Fuse 7全部unaffected
Red HatRed Hat JBoss Data Grid 7全部unaffected
Red HatRed Hat JBoss Enterprise Application Platform 6全部unknown
全部unknown
全部unknown
全部unknown
全部unknown
全部unknown
全部unknown
全部unknown
Red HatRed Hat JBoss Enterprise Application Platform 7全部affected
Red HatRed Hat JBoss Enterprise Application Platform 8全部unaffected
Red HatRed Hat JBoss Enterprise Application Platform Expansion Pack全部unaffected
Red HatRed Hat Process Automation 7全部affected
Red HatRed Hat Single Sign-On 7.6 for RHEL 70:18.0.13-1.redhat_00001.1.el7sso< *unaffected
Red HatRed Hat Single Sign-On 7.6 for RHEL 80:18.0.13-1.redhat_00001.1.el8sso< *unaffected
Red HatRed Hat Single Sign-On 7.6 for RHEL 90:18.0.13-1.redhat_00001.1.el9sso< *unaffected
Red HatRHEL-8 based Middleware Containers7.6-46< *unaffected
Red HatRHOSS-1.33-RHEL-81.33.0-5< *unaffected
1.33.0-5< *unaffected
1.33.0-5< *unaffected
1.33.0-5< *unaffected
1.33.0-5< *unaffected
1.33.0-5< *unaffected
1.33.0-3< *unaffected
1.33.0-5< *unaffected
… +1 条更多
Red HatRHSSO 7.6.8全部unaffected
Red Hatstreams for Apache Kafka全部unaffected

一、 漏洞 CVE-2024-1249 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
源验证错误
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Red Hat Keycloak 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Red Hat Keycloak是美国红帽(Red Hat)公司的一套为现代应用和服务提供身份验证和管理功能的软件。 Red Hat Keycloak 存在安全漏洞,该漏洞源于允许未经验证的跨域消息,允许攻击者使用简单的代码在几秒钟内协调和发送数百万个请求。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
-- 21.1.0 ~ 22.0.10 -
Red HatRed Hat AMQ Broker 7-cpe:/a:redhat:amq_broker:7.12
Red HatRed Hat build of Keycloak 22 22.0.10-1 ~ * cpe:/a:redhat:build_keycloak:22::el9
Red HatRed Hat build of Keycloak 22 22-13 ~ * cpe:/a:redhat:build_keycloak:22::el9
Red HatRed Hat build of Keycloak 22 22-16 ~ * cpe:/a:redhat:build_keycloak:22::el9
Red HatRed Hat build of Keycloak 22.0.10-cpe:/a:redhat:build_keycloak:22
Red HatRed Hat Single Sign-On 7.6 for RHEL 7 0:18.0.13-1.redhat_00001.1.el7sso ~ * cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red HatRed Hat Single Sign-On 7.6 for RHEL 8 0:18.0.13-1.redhat_00001.1.el8sso ~ * cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red HatRed Hat Single Sign-On 7.6 for RHEL 9 0:18.0.13-1.redhat_00001.1.el9sso ~ * cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red HatRHEL-8 based Middleware Containers 7.6-46 ~ * cpe:/a:redhat:rhosemc:1.0::el8
Red HatRHOSS-1.33-RHEL-8 1.33.0-5 ~ * cpe:/a:redhat:openshift_serverless:1.33::el8
Red HatRHOSS-1.33-RHEL-8 1.33.0-5 ~ * cpe:/a:redhat:openshift_serverless:1.33::el8
Red HatRHOSS-1.33-RHEL-8 1.33.0-5 ~ * cpe:/a:redhat:openshift_serverless:1.33::el8
Red HatRHOSS-1.33-RHEL-8 1.33.0-5 ~ * cpe:/a:redhat:openshift_serverless:1.33::el8
Red HatRHOSS-1.33-RHEL-8 1.33.0-5 ~ * cpe:/a:redhat:openshift_serverless:1.33::el8
Red HatRHOSS-1.33-RHEL-8 1.33.0-5 ~ * cpe:/a:redhat:openshift_serverless:1.33::el8
Red HatRHOSS-1.33-RHEL-8 1.33.0-3 ~ * cpe:/a:redhat:openshift_serverless:1.33::el8
Red HatRHOSS-1.33-RHEL-8 1.33.0-5 ~ * cpe:/a:redhat:openshift_serverless:1.33::el8
Red HatRHOSS-1.33-RHEL-8 1.33.0-5 ~ * cpe:/a:redhat:openshift_serverless:1.33::el8
Red HatRHSSO 7.6.8-cpe:/a:redhat:red_hat_single_sign_on:7.6
Red HatMigration Toolkit for Applications 6-cpe:/a:redhat:migration_toolkit_applications:6
Red HatMigration Toolkit for Applications 7-cpe:/a:redhat:migration_toolkit_applications:7
Red HatRed Hat build of Apicurio Registry 2-cpe:/a:redhat:service_registry:2
Red HatRed Hat Data Grid 8-cpe:/a:redhat:jboss_data_grid:8
Red HatRed Hat Decision Manager 7-cpe:/a:redhat:jboss_enterprise_brms_platform:7
Red HatRed Hat Developer Hub-cpe:/a:redhat:rhdh:1
Red HatRed Hat Fuse 7-cpe:/a:redhat:jboss_fuse:7
Red HatRed Hat JBoss Data Grid 7-cpe:/a:redhat:jboss_data_grid:7
Red HatRed Hat JBoss Enterprise Application Platform 6-cpe:/a:redhat:jboss_enterprise_application_platform:6
Red HatRed Hat JBoss Enterprise Application Platform 6-cpe:/a:redhat:jboss_enterprise_application_platform:6
Red HatRed Hat JBoss Enterprise Application Platform 6-cpe:/a:redhat:jboss_enterprise_application_platform:6
Red HatRed Hat JBoss Enterprise Application Platform 6-cpe:/a:redhat:jboss_enterprise_application_platform:6
Red HatRed Hat JBoss Enterprise Application Platform 6-cpe:/a:redhat:jboss_enterprise_application_platform:6
Red HatRed Hat JBoss Enterprise Application Platform 6-cpe:/a:redhat:jboss_enterprise_application_platform:6
Red HatRed Hat JBoss Enterprise Application Platform 6-cpe:/a:redhat:jboss_enterprise_application_platform:6
Red HatRed Hat JBoss Enterprise Application Platform 6-cpe:/a:redhat:jboss_enterprise_application_platform:6
Red HatRed Hat JBoss Enterprise Application Platform 7-cpe:/a:redhat:jboss_enterprise_application_platform:7
Red HatRed Hat JBoss Enterprise Application Platform 8-cpe:/a:redhat:jboss_enterprise_application_platform:8
Red HatRed Hat JBoss Enterprise Application Platform Expansion Pack-cpe:/a:redhat:jbosseapxp
Red HatRed Hat Process Automation 7-cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hatstreams for Apache Kafka-cpe:/a:redhat:amq_streams:1

二、漏洞 CVE-2024-1249 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2024-1249 的情报信息

登录查看更多情报信息。

CVE-2024-1249 厂商安全公告 (12)

IV. Related Vulnerabilities

V. Comments for CVE-2024-1249

暂无评论


发表评论