Red Hat Security Advisory: Red Hat Single Sign-On 7.4.0 security update
🔗 CVE IDs covered (8)
📋 Description
CVE-2020-1698 — keycloak: Password leak by logged exception in HttpMethod class CVE-2020-1727 — keycloak: missing input validation in IDP authorization URLs CVE-2020-10968 — jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider CVE-2020-11111 — jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory CVE-2020-11112 — jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider CVE-2020-11113 — jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime CVE-2020-11619 — jackson-databind: Serialization gadgets in org.springframework:spring-aop CVE-2020-11620 — jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2020:5625
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=distributions&version=7.4
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1800573
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1819208
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1821304
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1821311
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1821315
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1826798
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1826805
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5625.json