CVE-2024-8698
Java vulnerability analysis and mitigation

Overview

A high-severity vulnerability (CVE-2024-8698) has been identified in the SAML signature validation method of the Keycloak XMLSignatureUtil class. It was disclosed on September 19, 2024 and affects Keycloak and Red Hat Single Sign-On deployments. The flaw lies in how the validator decides whether a Signature covers the whole SAML document or only specific assertions: the decision is based on where the Signature element sits in the XML document rather than on the Reference element, which is what actually identifies the signed content (NVD).

Technical details

The vulnerability stems from an improper implementation of the SAML signature validation method in the Keycloak XMLSignatureUtil class. The validator uses the position of the Signature element within the XML document to determine the signature's scope (full document versus a specific assertion) instead of resolving the Reference element to the element it actually covers. Since XML Signature scope is defined by the Reference and not by placement, a crafted document can position a signature so that the validator treats it as covering content it does not. The vulnerability has been assigned a CVSS v3.1 base score of 7.7 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L (Red Hat CVE): network-reachable, requiring low privileges and a non-trivial attack, with a scope change and high confidentiality impact.

Impact

The vulnerability allows an attacker to craft SAML responses that pass signature validation even though the content they contain was not signed by the identity provider, potentially leading to privilege escalation or impersonation of other users. This can result in unauthorized access to protected resources and compromise of the relying systems (NVD).
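The difference between the two scope rules, as an added example that is not Keycloak's code: a simplified Python model of the position-based decision described above beside a Reference-based one, run over two constructed SAML Responses. Cryptographic verification is deliberately omitted so that the example isolates the scope-resolution step, which is where CVE-2024-8698 lies. The element names follow the SAML 2.0 and XML Signature namespaces; the document contents, IDs and the signature value are constructed and not taken from any real identity provider.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
DS_SIGNATURE = "{%s}Signature" % NS["ds"]
SAML_ASSERTION = "{%s}Assertion" % NS["saml"]
XMLNS = ('xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s"'
         % (NS["samlp"], NS["saml"], NS["ds"]))
# The signature block is byte-identical in both documents; only its position differs.
SIG_A1 = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
          '<ds:SignatureValue>c2lnbmVk</ds:SignatureValue></ds:Signature>')

# Constructed sample (not real IdP output): the IdP signed exactly one
# Assertion, _a1, with an enveloped Signature whose Reference names that ID.
LEGIT_RESPONSE = f"""<samlp:Response ID="_resp1" {XMLNS}>
  <saml:Assertion ID="_a1">{SIG_A1}
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed attacker variant: the same Signature (still referencing #_a1) is
# moved up to be a direct child of the Response and an unsigned Assertion
# _evil is inserted in front. Nothing under the signature's Reference changed.
CRAFTED_RESPONSE = f"""<samlp:Response ID="_resp1" {XMLNS}>
  {SIG_A1}
  <saml:Assertion ID="_evil">
    <saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>
  </saml:Assertion>
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def _parents(root):
    # ElementTree has no parent pointers, so build a child -> parent map.
    return {child: parent for parent in root.iter() for child in parent}


def _is_ancestor(candidate, node, parents):
    while node is not None:
        if node is candidate:
            return True
        node = parents.get(node)
    return False


def accepted_assertions_by_position(xml_text):
    # Flawed rule (simplified model of the behaviour the advisory describes):
    # a Signature directly under the Response is taken to sign the whole
    # document; one inside an Assertion signs that Assertion. The Reference
    # element is never consulted.
    root = ET.fromstring(xml_text)
    parents = _parents(root)
    document_signed = False
    signed_ids = set()
    for sig in root.iter(DS_SIGNATURE):
        parent = parents[sig]
        if parent is root:
            document_signed = True
        elif parent.tag == SAML_ASSERTION:
            signed_ids.add(parent.get("ID"))
    return [a.get("ID") for a in root.iter(SAML_ASSERTION)
            if document_signed or a.get("ID") in signed_ids]


def _signed_targets(root):
    # Resolve each ds:Reference URI to the element it actually covers.
    ids = {el.get("ID"): el for el in root.iter() if el.get("ID")}
    targets = []
    for sig in root.iter(DS_SIGNATURE):
        for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
            uri = ref.get("URI", "")
            if uri == "":
                target = root  # empty URI: same-document reference to the root
            elif uri.startswith("#"):
                target = ids.get(uri[1:])
            else:
                target = None  # external references have no place in SAML
            if target is None:
                raise ValueError("unresolvable Reference URI %r" % uri)
            targets.append((sig, uri, target))
    return targets


def accepted_assertions_by_reference(xml_text):
    # Correct rule: an element is signed only if a Reference names its ID
    # (or the empty URI names the root). Everything else is unsigned.
    root = ET.fromstring(xml_text)
    covered = {target for _sig, _uri, target in _signed_targets(root)}
    root_signed = root in covered
    return [a.get("ID") for a in root.iter(SAML_ASSERTION)
            if root_signed or a in covered]


def relocated_signatures(xml_text):
    # Extra check: an enveloped Signature must sit inside the element its
    # Reference names; one found outside its target has been moved.
    root = ET.fromstring(xml_text)
    parents = _parents(root)
    return [uri for sig, uri, target in _signed_targets(root)
            if not _is_ancestor(target, sig, parents)]


if __name__ == "__main__":
    for name, doc in (("legit", LEGIT_RESPONSE), ("crafted", CRAFTED_RESPONSE)):
        print(name, "by position:", accepted_assertions_by_position(doc),
              "by reference:", accepted_assertions_by_reference(doc),
              "relocated:", relocated_signatures(doc))
```

On the crafted document the position rule treats the relocated signature as a document signature and accepts both assertions, including the unsigned `_evil`; the Reference rule accepts only `_a1`, and the enclosure check additionally flags the moved signature. The same bytes would pass or fail a real signature check identically in both documents, which is why scope must be taken from the Reference and never from placement.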

Mitigation and workarounds

Red Hat has released security updates that address this vulnerability across multiple products, including Red Hat Single Sign-On 7.6, Red Hat build of Keycloak 22.0.13 and 24.0.8, and Red Hat JBoss Enterprise Application Platform 8.0.4. Users of affected versions are strongly advised to update to the fixed releases published through the corresponding security advisories (RHSA-2024:6878, RHSA-2024:6889).

Source: This report was generated using AI.
