A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1941565 | Issue Tracking Patch Third Party Advisory |
Configurations
History
13 Apr 2022, 13:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.3
v3 : 7.1 |
CWE | CWE-613 | |
CPE | cpe:2.3:a:redhat:single_sign-on:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:keycloak:9.0.13:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:7.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* |
|
First Time |
Redhat keycloak
Redhat single Sign-on Redhat |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1941565 - Issue Tracking, Patch, Third Party Advisory |
01 Apr 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-01 23:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-3461
Mitre link : CVE-2021-3461
CVE.ORG link : CVE-2021-3461
JSON object : View
Products Affected
redhat
- keycloak
- single_sign-on
CWE
CWE-613
Insufficient Session Expiration