CVE-2017-12159 - OpenCVE

It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Keycloak	Keycloak
Redhat	Single Sign On Enterprise Linux Server

Configuration 1 [-]

AND

OR	cpe:2.3:a:redhat:single_sign_on:7.0:::::::*
	cpe:2.3:a:redhat:single_sign_on:7.1:::::::*

OR	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

Configuration 2 [-]

cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/101601	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2904	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2905	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2906	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1484111	Issue Tracking VDB Entry Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-10-17T00:00:00

Updated: 2017-10-28T09:57:01

Reserved: 2017-08-01T00:00:00

Link: CVE-2017-12159

JSON object: View

NVD Information

Status : Modified

Published: 2017-10-26T17:29:00.267

Modified: 2019-10-09T23:22:23.293

Link: CVE-2017-12159

JSON object: View

Redhat Information

No data.

CWE

CWE-613

{"containers": {"cna": {"affected": [{"product": "keycloak", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "3.4.0"}]}], "datePublic": "2017-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-10-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111"}, {"name": "RHSA-2017:2904", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2904"}, {"name": "RHSA-2017:2905", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2905"}, {"name": "RHSA-2017:2906", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2906"}, {"name": "101601", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101601"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-10-17T00:00:00", "ID": "CVE-2017-12159", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "keycloak", "version": {"version_data": [{"version_value": "3.4.0"}]}}]}, "vendor_name": "Red Hat, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-613"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111"}, {"name": "RHSA-2017:2904", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2904"}, {"name": "RHSA-2017:2905", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2905"}, {"name": "RHSA-2017:2906", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2906"}, {"name": "101601", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101601"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12159", "datePublished": "2017-10-17T00:00:00", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2017-10-28T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF1B9058-6085-456E-B86B-59C5B6169768", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "11FE6021-DBE7-4FFD-B021-F97EF80BDEEA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*", "matchCriteriaId": "571D4D3F-5768-4F93-9337-3D82B7E0C118", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks."}, {"lang": "es", "value": "Se ha descubierto que la cookie empleada para la prevenci\u00f3n de CSRF en Keycloak no era \u00fanica para cada sesi\u00f3n. Un atacante podr\u00eda usar este fallo para obtener acceso a una sesi\u00f3n de un usuario autenticado, conduciendo a una posible divulgaci\u00f3n de informaci\u00f3n o a m\u00e1s ataques."}], "id": "CVE-2017-12159", "lastModified": "2019-10-09T23:22:23.293", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-26T17:29:00.267", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101601"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2904"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2905"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2906"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "VDB Entry", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "secalert@redhat.com", "type": "Secondary"}]}