Created attachment 253679
net/keycloak

Upgrade Keycloak to 25.0.6.
Tested on 13.3-RELEASE.

Security: CVE-2024-8698 CVE-2024-8883

Can you create a record about the CVE for security/vuxml/vuln/2024.xml?

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4ae9c12eba03aa59d7d62d38ccde1edf13392d37

commit 4ae9c12eba03aa59d7d62d38ccde1edf13392d37
Author:     Matthias Wolf <freebsd@rheinwolf.de>
AuthorDate: 2024-09-20 12:32:46 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-09-20 12:40:40 +0000

    net/keycloak: Update 25.0.5 → 25.0.6 (fix CVE-2024-8698 CVE-2024-8883)

    Changelog:
    https://www.keycloak.org/2024/09/keycloak-2506-released.html

    CVE-2024-8883 Vulnerable Redirect URI Validation Results in Open Redirect
    CVE-2024-8698 Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak

    PR:     281602
    MFH:    2024Q3

 net/keycloak/Makefile | 2 +-
 net/keycloak/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

A commit in branch 2024Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=640611701615f9480b98987b424e792d171a74f3

commit 640611701615f9480b98987b424e792d171a74f3
Author:     Matthias Wolf <freebsd@rheinwolf.de>
AuthorDate: 2024-09-20 12:32:46 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-09-20 12:51:42 +0000

    net/keycloak: Update 25.0.5 → 25.0.6 (fix CVE-2024-8698 CVE-2024-8883)

    Changelog:
    https://www.keycloak.org/2024/09/keycloak-2506-released.html

    CVE-2024-8883 Vulnerable Redirect URI Validation Results in Open Redirect
    CVE-2024-8698 Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak

    PR:     281602
    MFH:    2024Q3

    (cherry picked from commit 4ae9c12eba03aa59d7d62d38ccde1edf13392d37)

 net/keycloak/Makefile | 2 +-
 net/keycloak/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)