Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-zp22-a33x-bqfq
Summary
Duplicate Advisory: Keycloak Session Fixation vulnerability
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5rxp-2rhr-qwqv. This link is maintained to preserve external references.

# Original Description
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when `the turnOffChangeSessionIdOnLogin` option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.
Aliases
0
alias GHSA-j76j-rqwj-jmvv
Fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@25.0.5
purl pkg:maven/org.keycloak/keycloak-services@25.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-5zh4-963a-q3gp
4
vulnerability VCID-6hy1-r23s-cbhy
5
vulnerability VCID-7c1j-kcbb-v3f1
6
vulnerability VCID-bhrr-nn9f-7udu
7
vulnerability VCID-by72-dvnw-m3gu
8
vulnerability VCID-cdsa-wmby-ebbq
9
vulnerability VCID-d2rd-6u56-yfd8
10
vulnerability VCID-d6ku-ys87-cqh4
11
vulnerability VCID-e4ub-v4ef-affb
12
vulnerability VCID-gnxr-2t9g-4ye4
13
vulnerability VCID-gzz6-md9v-b3em
14
vulnerability VCID-m3uj-4mag-kbf2
15
vulnerability VCID-mku9-3bpp-aqbk
16
vulnerability VCID-nxhc-rp71-hbdk
17
vulnerability VCID-pjgz-fa5h-tkfh
18
vulnerability VCID-qgbq-s33g-d7af
19
vulnerability VCID-uuf2-u7xh-uuef
20
vulnerability VCID-ver5-9t6m-c3ef
21
vulnerability VCID-vstv-ec14-quc5
22
vulnerability VCID-w5f1-xryr-fucq
23
vulnerability VCID-x4aw-v76q-vbdc
24
vulnerability VCID-xd7x-aevv-cfcp
25
vulnerability VCID-xfnw-15sz-zyfr
26
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.5
Affected_packages
0
url pkg:maven/org.keycloak/keycloak-services@23.0.0
purl pkg:maven/org.keycloak/keycloak-services@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-2dgt-7k4f-fyce
2
vulnerability VCID-3sh8-6vsc-1uae
3
vulnerability VCID-41hy-n7tz-3bee
4
vulnerability VCID-5f8r-n4mm-y3g6
5
vulnerability VCID-5vwq-aqk5-nkh9
6
vulnerability VCID-5zh4-963a-q3gp
7
vulnerability VCID-6hy1-r23s-cbhy
8
vulnerability VCID-7c1j-kcbb-v3f1
9
vulnerability VCID-91gs-k267-3kbq
10
vulnerability VCID-9wzh-7ych-y7c6
11
vulnerability VCID-ajcu-s4zn-63cn
12
vulnerability VCID-bhrr-nn9f-7udu
13
vulnerability VCID-by72-dvnw-m3gu
14
vulnerability VCID-cdsa-wmby-ebbq
15
vulnerability VCID-cgf7-vbkd-cua6
16
vulnerability VCID-d2rd-6u56-yfd8
17
vulnerability VCID-d6ku-ys87-cqh4
18
vulnerability VCID-e4ub-v4ef-affb
19
vulnerability VCID-ezqk-pyhr-5ffj
20
vulnerability VCID-gnxr-2t9g-4ye4
21
vulnerability VCID-gzz6-md9v-b3em
22
vulnerability VCID-htax-rbrs-mbdu
23
vulnerability VCID-j4ar-u2rr-qkfu
24
vulnerability VCID-ju1d-vwgb-bqbn
25
vulnerability VCID-m3uj-4mag-kbf2
26
vulnerability VCID-mku9-3bpp-aqbk
27
vulnerability VCID-n76a-pfh2-57bn
28
vulnerability VCID-nxhc-rp71-hbdk
29
vulnerability VCID-pjgz-fa5h-tkfh
30
vulnerability VCID-qgbq-s33g-d7af
31
vulnerability VCID-rrkd-31d4-9yaq
32
vulnerability VCID-sgbm-r5mm-sbbx
33
vulnerability VCID-uuf2-u7xh-uuef
34
vulnerability VCID-v7r6-3873-77dc
35
vulnerability VCID-ver5-9t6m-c3ef
36
vulnerability VCID-vstv-ec14-quc5
37
vulnerability VCID-w5f1-xryr-fucq
38
vulnerability VCID-whsx-d6an-hkdm
39
vulnerability VCID-x4aw-v76q-vbdc
40
vulnerability VCID-xd7x-aevv-cfcp
41
vulnerability VCID-xfnw-15sz-zyfr
42
vulnerability VCID-y1h3-yyn9-53fr
43
vulnerability VCID-ysyw-rgyv-bkhj
44
vulnerability VCID-z2bw-n4x2-a7gj
45
vulnerability VCID-zp22-a33x-bqfq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0
1
url pkg:maven/org.keycloak/keycloak-services@25.0.0
purl pkg:maven/org.keycloak/keycloak-services@25.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-5zh4-963a-q3gp
4
vulnerability VCID-6hy1-r23s-cbhy
5
vulnerability VCID-7c1j-kcbb-v3f1
6
vulnerability VCID-bhrr-nn9f-7udu
7
vulnerability VCID-by72-dvnw-m3gu
8
vulnerability VCID-cdsa-wmby-ebbq
9
vulnerability VCID-d2rd-6u56-yfd8
10
vulnerability VCID-d6ku-ys87-cqh4
11
vulnerability VCID-e4ub-v4ef-affb
12
vulnerability VCID-ezqk-pyhr-5ffj
13
vulnerability VCID-gnxr-2t9g-4ye4
14
vulnerability VCID-gzz6-md9v-b3em
15
vulnerability VCID-m3uj-4mag-kbf2
16
vulnerability VCID-mku9-3bpp-aqbk
17
vulnerability VCID-nxhc-rp71-hbdk
18
vulnerability VCID-pjgz-fa5h-tkfh
19
vulnerability VCID-qgbq-s33g-d7af
20
vulnerability VCID-uuf2-u7xh-uuef
21
vulnerability VCID-ver5-9t6m-c3ef
22
vulnerability VCID-vstv-ec14-quc5
23
vulnerability VCID-w5f1-xryr-fucq
24
vulnerability VCID-x4aw-v76q-vbdc
25
vulnerability VCID-xd7x-aevv-cfcp
26
vulnerability VCID-xfnw-15sz-zyfr
27
vulnerability VCID-y1h3-yyn9-53fr
28
vulnerability VCID-ysyw-rgyv-bkhj
29
vulnerability VCID-zp22-a33x-bqfq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.0
References
0
reference_url https://access.redhat.com/errata/RHSA-2024:6493
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6493
1
reference_url https://access.redhat.com/errata/RHSA-2024:6494
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6494
2
reference_url https://access.redhat.com/errata/RHSA-2024:6495
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6495
3
reference_url https://access.redhat.com/errata/RHSA-2024:6497
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6497
4
reference_url https://access.redhat.com/errata/RHSA-2024:6499
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6499
5
reference_url https://access.redhat.com/errata/RHSA-2024:6500
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6500
6
reference_url https://access.redhat.com/errata/RHSA-2024:6501
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6501
7
reference_url https://access.redhat.com/errata/RHSA-2024:6502
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6502
8
reference_url https://access.redhat.com/errata/RHSA-2024:6503
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6503
9
reference_url https://access.redhat.com/security/cve/CVE-2024-7341
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2024-7341
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302064
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2302064
11
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
12
reference_url https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c
13
reference_url https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1
14
reference_url https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7341
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7341
16
reference_url https://github.com/advisories/GHSA-j76j-rqwj-jmvv
reference_id GHSA-j76j-rqwj-jmvv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j76j-rqwj-jmvv
Weaknesses
0
cwe_id 384
name Session Fixation
description Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-zp22-a33x-bqfq