CVE-2021-3461 - A flaw was found in keycloak where keycloak may fail to logout user session if the logout request co

CVE-2021-3461

Summary

A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].

References

https://bugzilla.redhat.com/show_bug.cgi?id=1941565

Vulnerable Configurations

cpe:2.3:a:redhat:keycloak:9.0.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:9.0.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.4.7:*:*:*:*:*:*:*

CVSS

Base:	3.3 (as of 13-04-2022 - 13:58)
Impact:
Exploitability:

CWE

CWE-613

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:N

Last major update

13-04-2022 - 13:58

Published

01-04-2022 - 23:15

Last modified

13-04-2022 - 13:58