Vulnerabilities > CVE-2020-1724 - Insufficient Session Expiration vulnerability in Redhat Keycloak

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

CWE-613

nessus

NVD

Published: 2020-05-11

Updated: 2023-11-07

Summary

A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Keycloak - Redhat Keycloak 1.0 Redhat Keycloak 1.0.0 Redhat Keycloak 1.0.1 Redhat Keycloak 1.0.2 Redhat Keycloak 1.0.3 Redhat Keycloak 1.0.4 Redhat Keycloak 1.0.5 Redhat Keycloak 1.1.0 Redhat Keycloak 1.1.1 Redhat Keycloak 1.2.0 Redhat Keycloak 1.3.0 Redhat Keycloak 1.3.1 Redhat Keycloak 1.4.0 Redhat Keycloak 1.5.0 Redhat Keycloak 1.5.1 Redhat Keycloak 1.6.0 Redhat Keycloak 1.6.1 Redhat Keycloak 1.7.0 Redhat Keycloak 1.8.0 Redhat Keycloak 1.8.1 Redhat Keycloak 1.8.2 Redhat Keycloak 1.9.0 Redhat Keycloak 1.9.1 Redhat Keycloak 1.9.2 Redhat Keycloak 1.9.3 Redhat Keycloak 1.9.4 Redhat Keycloak 1.9.5 Redhat Keycloak 1.9.6 Redhat Keycloak 1.9.7 Redhat Keycloak 1.9.8 Redhat Keycloak 2.0.0 Redhat Keycloak 2.1.0 Redhat Keycloak 2.2.0 Redhat Keycloak 2.2.1 Redhat Keycloak 2.3.0 Redhat Keycloak 2.4.0 Redhat Keycloak 2.5.0 Redhat Keycloak 2.5.1 Redhat Keycloak 2.5.2 Redhat Keycloak 2.5.3 Redhat Keycloak 2.5.4 Redhat Keycloak 2.5.5 Redhat Keycloak 2.5.6 Redhat Keycloak 2.5.7 Redhat Keycloak 2.5.8 Redhat Keycloak 2.5.9 Redhat Keycloak 2.5.10 Redhat Keycloak 3.0.0 Redhat Keycloak 3.1.0 Redhat Keycloak 3.1.1 Redhat Keycloak 3.2.0 Redhat Keycloak 3.2.1 Redhat Keycloak 3.3.0 Redhat Keycloak 3.4.0 Redhat Keycloak 3.4.1 Redhat Keycloak 3.4.2 Redhat Keycloak 3.4.3 Redhat Keycloak 4.0.0 Redhat Keycloak 4.1.0 Redhat Keycloak 4.2.0 Redhat Keycloak 4.2.1 Redhat Keycloak 4.3.0 Redhat Keycloak 4.4.0 Redhat Keycloak 4.5.0 Redhat Keycloak 4.6.0 Redhat Keycloak 4.7.0 Redhat Keycloak 4.8.0 Redhat Keycloak 4.8.1 Redhat Keycloak 4.8.2 Redhat Keycloak 4.8.3 Redhat Keycloak 5.0.0 Redhat Keycloak 6.0.0 Redhat Keycloak 6.0.1 Redhat Keycloak 6.0.2 Redhat Keycloak 7.0.0 Redhat Keycloak 7.0.1 Redhat Keycloak 8.0.0 Redhat Keycloak 8.0.2 Redhat Keycloak 9.0.0 Redhat Keycloak 9.0.1 Redhat Single Sign ON 7.0 Redhat Openshift Application Runtimes -	115

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2106.NASL
description	The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2106 advisory. - keycloak: security issue on reset credential flow (CVE-2020-1718) - keycloak: problem with privacy after user logout (CVE-2020-1724) - keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-18
modified	2020-05-12
plugin id	136516
published	2020-05-12
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136516
title	RHEL 6 : Red Hat Single Sign-On 7.3.8 security update on RHEL 6 (Important) (RHSA-2020:2106)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2106. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136516); script_version("1.1"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/12"); script_cve_id("CVE-2020-1718", "CVE-2020-1724", "CVE-2020-1758"); script_xref(name:"RHSA", value:"2020:2106"); script_name(english:"RHEL 6 : Red Hat Single Sign-On 7.3.8 security update on RHEL 6 (Important) (RHSA-2020:2106)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2106 advisory. - keycloak: security issue on reset credential flow (CVE-2020-1718) - keycloak: problem with privacy after user logout (CVE-2020-1724) - keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/287.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/613.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/297.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2106"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1718"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1724"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1758"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796756"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1800527"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1812514"); script_set_attribute(attribute:"solution", value: "Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_cwe_id(287, 297, 613); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/11"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:red_hat_single_sign_on:7"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:red_hat_single_sign_on:7::el6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'rh-sso7-keycloak-4.8.20-1.Final_redhat_00001.1.el6sso', 'release':'6', 'el_string':'el6sso', 'rpm_spec_vers_cmp':TRUE}, {'reference':'rh-sso7-keycloak-server-4.8.20-1.Final_redhat_00001.1.el6sso', 'release':'6', 'el_string':'el6sso', 'rpm_spec_vers_cmp':TRUE} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server'); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2108.NASL
description	The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2108 advisory. - keycloak: security issue on reset credential flow (CVE-2020-1718) - keycloak: problem with privacy after user logout (CVE-2020-1724) - keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-18
modified	2020-05-12
plugin id	136520
published	2020-05-12
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136520
title	RHEL 8 : Red Hat Single Sign-On 7.3.8 security update on RHEL 8 (Important) (RHSA-2020:2108)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2108. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136520); script_version("1.1"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/12"); script_cve_id("CVE-2020-1718", "CVE-2020-1724", "CVE-2020-1758"); script_xref(name:"RHSA", value:"2020:2108"); script_name(english:"RHEL 8 : Red Hat Single Sign-On 7.3.8 security update on RHEL 8 (Important) (RHSA-2020:2108)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2108 advisory. - keycloak: security issue on reset credential flow (CVE-2020-1718) - keycloak: problem with privacy after user logout (CVE-2020-1724) - keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/287.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/613.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/297.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2108"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1718"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1724"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1758"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796756"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1800527"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1812514"); script_set_attribute(attribute:"solution", value: "Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_cwe_id(287, 297, 613); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/11"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:red_hat_single_sign_on:7"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:red_hat_single_sign_on:7::el8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'rh-sso7-keycloak-4.8.20-1.Final_redhat_00001.1.el8sso', 'release':'8', 'el_string':'el8sso', 'rpm_spec_vers_cmp':TRUE}, {'reference':'rh-sso7-keycloak-server-4.8.20-1.Final_redhat_00001.1.el8sso', 'release':'8', 'el_string':'el8sso', 'rpm_spec_vers_cmp':TRUE} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server'); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2107.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2107 advisory. - keycloak: security issue on reset credential flow (CVE-2020-1718) - keycloak: problem with privacy after user logout (CVE-2020-1724) - keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-18
modified	2020-05-12
plugin id	136524
published	2020-05-12
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136524
title	RHEL 7 : Red Hat Single Sign-On 7.3.8 security update on RHEL 7 (Important) (RHSA-2020:2107)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2107. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136524); script_version("1.1"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/12"); script_cve_id("CVE-2020-1718", "CVE-2020-1724", "CVE-2020-1758"); script_xref(name:"RHSA", value:"2020:2107"); script_name(english:"RHEL 7 : Red Hat Single Sign-On 7.3.8 security update on RHEL 7 (Important) (RHSA-2020:2107)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2107 advisory. - keycloak: security issue on reset credential flow (CVE-2020-1718) - keycloak: problem with privacy after user logout (CVE-2020-1724) - keycloak: improper verification of certificate with host mismatch could result in information disclosure (CVE-2020-1758) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/287.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/613.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/297.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2107"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1718"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1724"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1758"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796756"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1800527"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1812514"); script_set_attribute(attribute:"solution", value: "Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_cwe_id(287, 297, 613); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/11"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:red_hat_single_sign_on:7"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:red_hat_single_sign_on:7::el7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'rh-sso7-keycloak-4.8.20-1.Final_redhat_00001.1.el7sso', 'release':'7', 'el_string':'el7sso', 'rpm_spec_vers_cmp':TRUE}, {'reference':'rh-sso7-keycloak-server-4.8.20-1.Final_redhat_00001.1.el7sso', 'release':'7', 'el_string':'el7sso', 'rpm_spec_vers_cmp':TRUE} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server'); }

Redhat

rpms

rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el6sso
rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el6sso
rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el7sso
rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el7sso
rh-sso7-keycloak-0:4.8.20-1.Final_redhat_00001.1.el8sso
rh-sso7-keycloak-server-0:4.8.20-1.Final_redhat_00001.1.el8sso

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724