Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions
Vulnerability Description
A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
不充分权限或特权的处理不恰当
Vulnerability Title
Red Hat 3scale 安全漏洞
Vulnerability Description
Red Hat 3scale是美国红帽(Red Hat)公司的一套API(应用程序编程接口)生命周期管理软件。 Red Hat 3Scale 存在安全漏洞,该漏洞源于令牌自省策略的 use_3scale_oidc_issuer_endpoint 与 RH-SSO 7.5 或更高版本不兼容。
CVSS Information
N/A
Vulnerability Type
N/A