PT-2024-6949 · Red Hat · Keycloak
Tanner Emek · Published 2024-09-11 · Updated 2025-11-01
CVE-2024-8698
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Keycloak versions prior to 24.0.0
Description
A flaw exists in the SAML signature validation method of the Keycloak XMLSignatureUtil class. The method decides whether a SAML signature covers the full document or only specific assertions from the position of the Signature element within the XML document, rather than from the Reference element that names the signed element. This lets an attacker craft responses that bypass the validation, potentially leading to privilege escalation or impersonation attacks. Over 760K services are found to be potentially affected.
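To make the scoping decision concrete, the following added example (not Keycloak's code) resolves what each ds:Signature actually covers from its ds:Reference/@URI and compares that with the position heuristic; the SAML response is a constructed sample, IDs are matched on the ID attribute only, and no cryptographic verification is performed here.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

# Constructed sample: the Signature sits directly under the Response (the
# position heuristic would call it a document signature), but its Reference
# names only the Assertion, so it binds nothing but the Assertion.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_asrt1"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_asrt1"><saml:Subject/></saml:Assertion>
</samlp:Response>"""

def _local(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]

def signature_targets(xml_text: str) -> list:
    """For each ds:Signature, report where it sits and what it actually covers.

    'placed_under' is the position heuristic (parent of the Signature element);
    'references' is the element named by ds:Reference/@URI, i.e. the element
    the signature binds. Only 'references' may drive the validation decision.
    """
    root = ET.fromstring(xml_text)
    by_id = {el.get("ID"): el for el in root.iter() if el.get("ID")}
    parent_of = {child: parent for parent in root.iter() for child in parent}
    out = []
    for sig in root.iter(DS + "Signature"):
        ref = sig.find(DS + "SignedInfo/" + DS + "Reference")
        uri = ref.get("URI", "") if ref is not None else ""
        # Only a same-document reference ("#id") can cover part of this message.
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        out.append({
            "placed_under": _local(parent_of[sig].tag),
            "references": _local(target.tag) if target is not None else None,
        })
    return out

def response_is_signed(xml_text: str) -> bool:
    """True only if some Reference names the Response's own ID (position is ignored)."""
    root = ET.fromstring(xml_text)
    if root.tag != SAMLP + "Response" or not root.get("ID"):
        return False
    wanted = "#" + root.get("ID")
    return any(ref.get("URI") == wanted for ref in root.iter(DS + "Reference"))
```

On the sample, signature_targets reports placement under Response but a reference to Assertion, and response_is_signed returns False; the same input would be accepted as a full-document signature by a position-based check.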
Recommendations
For versions prior to 24.0.0, upgrade to 24.0.0 or later to secure your data. As a temporary workaround, consider restricting access to the SAML authentication module until the patch can be applied. Avoid relying on the vulnerable SAML signature validation process in the Keycloak XMLSignatureUtil class until the issue is resolved.
Weakness Enumeration: Improper Verification of Cryptographic Signature
Related Identifiers:
Affected Products: Alt Linux, Keycloak