Plateforme
java
Composant
keycloak
Corrigé dans
6.0.1
CVE-2019-3868 is a security vulnerability affecting Keycloak versions up to 6.0.0. This flaw allows an attacker with access to the service provider backend to hijack a user's browser session by exploiting the use of the end-user token (access or ID token JWT) as the session cookie for browser sessions in OpenID Connect (OIDC) flows. The vulnerability is resolved in Keycloak 6.0.1 and users are advised to upgrade promptly.
The primary impact of CVE-2019-3868 is the potential for unauthorized access to user accounts and sensitive data. An attacker who can compromise the service provider backend, or intercept network traffic, could obtain the user's token and use it to impersonate them within Keycloak. This could lead to data breaches, privilege escalation, and further compromise of the system. The attack vector relies on the improper handling of tokens as session cookies, a common misconfiguration in OIDC implementations. While the CVSS score is LOW, the potential for session hijacking makes this a significant concern, particularly in environments with strict security requirements.
CVE-2019-3868 was published on April 24, 2019. While no widespread exploitation campaigns have been publicly reported, the vulnerability's ease of exploitation and potential impact make it a target for opportunistic attackers. It is not currently listed on KEV or EPSS. The LOW CVSS score reflects the requirement for backend access or network interception, limiting the attack surface. Public proof-of-concept (POC) code may exist, increasing the risk of exploitation.
Statut de l'Exploit
EPSS
0.27% (percentile 51%)
Vecteur CVSS
The primary mitigation for CVE-2019-3868 is to upgrade Keycloak to version 6.0.1 or later, which contains the fix. If upgrading immediately is not possible, consider implementing stricter session management policies within Keycloak, such as shorter session timeouts and enhanced token validation. Review OIDC configurations to ensure tokens are not being used as session cookies. Web Application Firewalls (WAFs) can be configured to detect and block suspicious token usage patterns, although this is not a substitute for patching. After upgrading, confirm the fix by attempting to reproduce the session hijacking scenario and verifying that the token is no longer used as the session cookie.
Mettez à jour Keycloak à une version ultérieure à la 6.0.0. Cela empêchera l'utilisation des tokens utilisateur comme cookies de session, atténuant ainsi le risque de détournement de session.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2019-3868 is a vulnerability in Keycloak versions up to 6.0.0 that allows an attacker to hijack user browser sessions by exploiting the use of the end-user token as the session cookie. This can lead to unauthorized access to user accounts and data.
You are affected if you are using Keycloak versions prior to 6.0.1. Check your Keycloak version and upgrade immediately if you are using an older version.
The fix is to upgrade Keycloak to version 6.0.1 or later. If immediate upgrade is not possible, review OIDC configurations and implement stricter session management policies.
While no widespread exploitation campaigns have been publicly reported, the vulnerability's ease of exploitation makes it a potential target. Proactive patching is recommended.
Refer to the Keycloak security advisories on the Keycloak website: https://www.keycloak.org/security
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier pom.xml et nous te dirons instantanément si tu es affecté.