CVE-2017-2582

Aliases:GHSA-c77r-6f64-478q

Advisory lineage Upstream: 0 Downstream: 12

Downstream

RHSA-2017:2808 RHSA-2017:2809 RHSA-2017:2811 RHSA-2017:3216 RHSA-2017:3217 RHSA-2017:3218

Modified

Published: 26 Jul 2018, 17:00

Last modified:05 Aug 2024, 13:55

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.0 (cve.org)

EPSS Score

0.63% LOW

1% probability -0.03%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Jul 2018, 17:00

Published

Vulnerability first disclosed

05 Aug 2024, 13:55

Last Modified

Vulnerability information updated

Description

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

CVSS Metrics

v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.63%• Percentile: 71%

Techniques & Countermeasures

CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-201•Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Affected Systems

org.keycloak•keycloak-core
< 2.5.1
red hat•keycloak
2.5.1
redhat•jboss_enterprise_application_platform
6.0.0 | 6.4.0 | 7.0.0 | 7.1.0
redhat•keycloak
< 2.5.1