{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-0560", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-01-15T13:16:09.681Z", "datePublished": "2024-02-28T16:37:01.247Z", "dateUpdated": "2024-04-25T16:17:37.824Z"}, "containers": {"cna": {"title": "Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "2.14.1", "versionType": "semver"}], "packageName": "APIcast", "collectionURL": "https://github.com/3scale/APIcast", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat 3scale API Management Platform 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "apicast", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:red_hat_3scale_amp:2"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-0560", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258456", "name": "RHBZ#2258456", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/3scale/APIcast/pull/1438"}], "datePublic": "2024-02-28T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-280", "description": "Improper Handling of Insufficient Permissions or Privileges ", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ", "workarounds": [{"lang": "en", "value": "Use an alternate auth_type: auth_type: client_id+client_secret. Disabling the policy entirely might be a temporary solution if the alternate {{auth_type is not feasible for some reason. The only purpose the token introspection endpoint serves is for sessions that are revoked in RH SSO before the standard TTL expires via the exp claim."}], "timeline": [{"lang": "en", "time": "2024-01-15T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-28T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-04-25T16:17:37.824Z"}}}}

{"descriptions": [{"lang": "en", "value": "A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en 3Scale, cuando se usa con Keycloak 15 (o RHSSO 7.5.0) y superiores. Cuando auth_type es use_3scale_oidc_issuer_endpoint, la pol\u00edtica de Token Introspection descubre el endpoint de Token Introspection desde el campo token_introspection_endpoint, pero el campo se elimin\u00f3 en RH-SSO 7.5. Como resultado, la pol\u00edtica no inspecciona los tokens, sino que determina que todos los tokens son v\u00e1lidos."}], "id": "CVE-2024-0560", "lastModified": "2024-02-29T13:49:47.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-02-28T17:15:08.340", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-0560"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258456"}, {"source": "secalert@redhat.com", "url": "https://github.com/3scale/APIcast/pull/1438"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-280"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{}