- Issued: 2024-09-09
- Updated: 2024-09-09
RHSA-2024:6501 - Moderate: Red Hat build of Keycloak 22.0.12 Update
Synopsis
Moderate: Red Hat build of Keycloak 22.0.12 Update
Type/Severity
Security Advisory: Moderate
Topic
New Red Hat build of Keycloak 22.0.12 packages are available from the Customer Portal. This is a security update with Moderate impact rating.
Description
Red Hat build of Keycloak 22.0.12 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat build of Keycloak 22.0.12 serves as a replacement for Red Hat Single Sign-On 7.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security fixes:
- Potential bypass of brute force protection (CVE-2024-4629)
- Session fixation in Elytron SAML adapters (CVE-2024-7341)
- Leak of configured LDAP bind credentials through the Keycloak admin console (CVE-2024-5967)
Solution
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat build of Keycloak | Text-only Advisories | x86_64 |
Fixes
- BZ - 2276761
- BZ - 2292200
- BZ - 2302064
CVEs
References
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.