Vulnerabilities > CVE-2021-3461 - Insufficient Session Expiration vulnerability in Redhat Keycloak and Single Sign-On

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

redhat

CWE-613

NVD

Published: 2022-04-01

Updated: 2022-04-13

Summary

A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Keycloak 9.0.13 Redhat Single Sign ON 7.0 Redhat Single Sign ON 7.4 Redhat Single Sign ON 7.4.7	4

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://bugzilla.redhat.com/show_bug.cgi?id=1941565