CVE-2017-2582 Information
Description
It was found that, while parsing SAML messages, the StaxParserUtil class of Keycloak before 2.5.1 replaced special placeholder strings in attribute values with the value of the corresponding system property. This could allow an attacker to determine the values of system properties on the attacked system by formatting the SAML request ID field as the placeholder for the chosen system property; the expanded value could then be read from the InResponseTo field of the response.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Reference
http://www.securityfocus.com/bid/101046
http://www.securitytracker.com/id/1041707
https://access.redhat.com/errata/RHSA-2017:2808
https://access.redhat.com/errata/RHSA-2017:2809
https://access.redhat.com/errata/RHSA-2017:2810
https://access.redhat.com/errata/RHSA-2017:2811
https://access.redhat.com/errata/RHSA-2017:3216
https://access.redhat.com/errata/RHSA-2017:3217
https://access.redhat.com/errata/RHSA-2017:3218
https://access.redhat.com/errata/RHSA-2017:3219
https://access.redhat.com/errata/RHSA-2017:3220
https://access.redhat.com/errata/RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2743
https://access.redhat.com/errata/RHSA-2019:0136
https://access.redhat.com/errata/RHSA-2019:0137
https://access.redhat.com/errata/RHSA-2019:0139
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582
https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
6.5
Base Severity
MEDIUM