Vulnerability Details: CVE-2017-2582
It was found that, while parsing SAML messages, the StaxParserUtil class of Keycloak before 2.5.1 replaces special strings in attribute values with the value of the corresponding system property. This could allow an attacker to determine the values of system properties on the attacked system by setting the SAML request ID field to the name of the chosen system property; the substituted value is then returned in the "InResponseTo" field of the response.
Vulnerability category: Information leak
Products affected by CVE-2017-2582
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-2582
- EPSS score: 0.18% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~55% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2017-2582
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | Red Hat, Inc. | |
CWE ids for CVE-2017-2582
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. (Assigned by: nvd@nist.gov, Primary)
- The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. (Assigned by: secalert@redhat.com, Secondary)
References for CVE-2017-2582
- https://access.redhat.com/errata/RHSA-2019:0139 : RHSA-2019:0139 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:2809 : RHSA-2017:2809 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2018:2740 : RHSA-2018:2740 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:2811 : RHSA-2017:2811 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:2808 : RHSA-2017:2808 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3217 : RHSA-2017:3217 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:2810 : RHSA-2017:2810 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://www.securityfocus.com/bid/101046 : Picketlink and KeyCloak CVE-2017-2582 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:3218 : RHSA-2017:3218 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237 : KEYCLOAK-4160 by hmlnarik · Pull Request #3715 · keycloak/keycloak · GitHub (Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582 : 1410481 – (CVE-2017-2582) CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties (Issue Tracking; Patch; Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3216 : RHSA-2017:3216 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://www.securitytracker.com/id/1041707 : Red Hat JBoss EAP Component Errors Let Remote Users Deny Service and Remote Authenticated Users Gain Potentially Sensitive Information - SecurityTracker (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:3220 : RHSA-2017:3220 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3219 : RHSA-2017:3219 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2018:2741 : RHSA-2018:2741 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2018:2742 : RHSA-2018:2742 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2019:0136 : RHSA-2019:0136 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2019:0137 : RHSA-2019:0137 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2018:2743 : RHSA-2018:2743 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)