RedHat: RHSA-2022-0034:01 Important: security update of rh-sso-7/sso75
Summary
Red Hat Single Sign-On 7.5 container images for IBM P/Z, based on the
Keycloak project, that provides authentication and standards-based single
sign-on capabilities for web and mobile applications.
This is a security update Red Hat Single Sign-On 7.5, and includes one
security fix.
Security Fix:
* keycloak: Incorrect authorization allows unpriviledged users to create
other users (CVE-2021-4133)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Summary
Solution
The RHEL-8 based Middleware Containers container image provided by this
update
can be downloaded from the Red Hat Container Registry at
registry.access.redhat.com. Installation instructions for your platform are
available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image
specifically, or to the latest image generally.
References
https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-4133 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification/#important
Package List
Topic
A security update is now available for Red Hat Single Sign-On 7.5 containerimages for IBM P/Z.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
2033602 - CVE-2021-4133 Keycloak: Incorrect authorization allows unpriviledged users to create other users