Description
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=2050228
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
Related Vulnerabilities
CVE-2021-37306 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base
CVE-2023-40345 Vulnerability in maven package org.jenkins-ci.plugins:delphix
CVE-2022-41930 Vulnerability in maven package org.xwiki.platform:xwiki-platform-user-profile-ui
CVE-2016-4970 Vulnerability in maven package io.netty:netty-handler
CVE-2020-14326 Vulnerability in maven package org.jboss.resteasy:resteasy-core