From this webpage screenshot, the following key information about the advisory can be obtained:

1. Advisory ID: RHSA-2024:6944
2. Release Date: 2024-09-09
3. Type/Severity: Security update, impact level "Moderate"
4. Affected Products: Red Hat build of Keycloak 22.0.12 and Red Hat build of Keycloak 22.0.12 Operator, running on OpenShift Container Platform
5. Description:
   - Red Hat build of Keycloak is an integrated login solution provided as a containerized image for Red Hat JBoss Middleware for OpenShift.
   - It provides an authentication server for centralized login, logout, and registration.
   - It can manage user accounts for web applications, mobile applications, and RESTful web services.
   - Red Hat build of Keycloak Operator simplifies deployment and management of Keycloak 22.0.12 clusters.
   - The updated images are applicable to on-premise or private cloud deployments within OpenShift Container Platform cloud services (PaaS).
6. Security Fixes:
   - Potential bypass of brute force protection (CVE-2024-4629)
   - Session fixation in the Elytron SAML adapter (CVE-2024-7341)
   - Leakage of configured LDAP bind credentials via the Keycloak admin console (CVE-2024-5967)
7. Solution:
   - Back up existing installations before updating, including all applications, configuration files, databases, and database settings.
8. Affected Products:
   - Red Hat build of Keycloak 22 x86_64
9. Fixes:
   - BZ - 2276761 - CVE-2024-4629 keycloak: potential bypass of brute force protection
   - BZ - 2292200 - CVE-2024-5967 keycloak: leak of configured LDAP bind credentials through the Keycloak admin console
   - BZ - 2302064 - CVE-2024-7341 wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
10. CVEs:
   - CVE-2024-4629
   - CVE-2024-5967
   - CVE-2024-7341
11. Reference Links:
   - https://access.redhat.com/security/updates/classification/#moderate

This information covers the advisory's description, affected products, security fixes, and the recommended update and mitigation steps.