Wyoming’s secretary of state has proposed ways of “preventing fraud and abuse of corporate filings by commercial registered agents” in the aftermath of the scheme’s exposure.

For years, the Federal Bureau of Investigation has been unraveling what it asserts is a scam perpetrated by agents of North Korea, which used fake companies employing real IT workers to funnel money back to the regime’s military.

An American company played a key role in creating shell companies used as part of the scheme, a WIRED review of public records shows. Elected officials are now contemplating addressing loopholes in business-registration law that the scheme exposed.

In May, Wyoming secretary of state Chuck Gray revoked the business licenses of three companies linked to the North Korean scam: Culture Box LLC, Next Nets LLC, and Blackish Tech LLC. Gray said his office made the decision after receiving information from the FBI and conducting an investigation.

“The communist, authoritarian Kim Jong Un regime has no place in Wyoming,” Gray said in a May press release.

The companies posed as legitimate operations where businesses could hire contract workers to perform IT solutions, complete with fake websites featuring smiling photos of apparent employees. The companies all had one thing in common: Their incorporation documents were filed by a company called Registered Agents Inc., which says its global headquarters is in Sheridan, Wyoming.

Registered Agents, which provides incorporation services in every US state, takes the practice of business privacy to the extreme, and regularly uses fake personae to file formation documents with state agencies, a WIRED investigation previously found.

Culture Box LLC, one of the companies that Gray and the FBI linked to North Korea, listed “Riley Park” as the name of a Registered Agents employee on documents submitted to the Wyoming secretary of state. Park, according to several former employees of Registered Agents, is a fake persona that the company regularly used to file incorporation documents.

In a statement provided to WIRED, Registered Agents wrote, “The Wyoming Secretary of State dissolved the entities and we initiated the 30-day process to resign as their agent in mid-May. Ours and Wyoming's processes to identify bad actors works. It strikes the best balance of individual privacy and business transparency supported by an entire ecosystem that cares about supporting entrepreneurs while rooting out the small percent of scammers.” The FBI’s St. Louis office, which led the investigation, did not respond to a request for comment.

The North Korean operation worked like this: Agents of the regime created fake companies purporting to be legitimate firms offering freelance IT services. Workers hired by North Koreans, or North Koreans themselves, would then perform legitimate contractor work, often using assumed identities.

In some instances, Americans would set up low-cost laptops with remote-access software, allowing North Korean workers to perform freelance IT work while appearing to use American IP addresses. The FBI referred to these Americans as “virtual assistants.”

The payments for the IT work were eventually funneled back to North Korea—where, the Department of Justice asserts, it was directed to the country’s Ministry of Defense and other agencies involved in WMD work. The scheme was so expansive that any company that hired freelance IT workers “more than likely” hired someone involved in the operation, according to FBI agent Jay Greenberg.

The shell companies created in Wyoming were used to hire virtual assistants and receive payments.

“I discovered that North Korean IT workers create and use domain names and limited liability companies (LLCs) in furtherance of their fraudulent activity and to mask their true identities as North Koreans. The LLCs are used to recruit ‘Virtual Assistants’ who can receive and ship devices needed for the North Korean IT workers as well as recruit and employ software developers from countries such as Pakistan, India, and China,” an FBI agent wrote in a May affidavit. “These LLCs are often registered in the United States through business registry services and sometimes use the identities of individuals who had a previous relationship with North Korean IT workers.”

The affidavit alleges that money from North Korean workers was used to purchase domain names for the IT front companies, in violation of sanctions laws. The domains were purchased using “payment service providers” with accounts belonging to the Wyoming companies.

In response to a request for comment from WIRED, the Wyoming secretary of state’s office said that it has “increased the number of complete, in-person audits of commercial registered agents, resulting in several ongoing investigations, as well as the issuance of findings and orders.”

The secretary of state has offered proposals to the Wyoming state legislature “aimed at preventing fraud and abuse of corporate filings by commercial registered agents, as ways to strengthen the Wyoming secretary of state's administrative authority to dissolve business entities controlled by foreign adversaries,” said Joe Rubino, the chief policy officer and general counsel at the Wyoming Secretary of State's Office.

An American Company Enabled a North Korean Scam That Raised Money for WMDs

These scammers are persistent and want your billing information to extort money from you.

Back in February, we reported on malicious ads related to utility bills (electricity, gas) that direct victims to call centers where scammers will collect their identity and try to extort money from them.

A few months later, we checked and were able to find as many Google ads as before, following very much the same pattern. In addition, we can see that miscreants are trying to legitimize their operations by creating fake U.S.-based entities.

**Utility-based ads targeting mobile phones**

It only took us 15 minutes to find about a dozen fraudulent ads on Google related to utility bills. This campaign is targeting mobile devices only, as far as we can tell, and U.S. residents. All the ads seen below belong to different advertisers based in Pakistan.

Some of those advertiser accounts have a fairly large footprint with several hundred ads.

Most often, the ad is not associated with a landing page (although a URL is displayed); instead clicking on the ad will bring up the phone number and prompt you to dial. Having said that, the domains used belong to the scammers and are often fairly new.

We also saw several ads that at first appear somewhat legitimate. They are registered to advertisers based in the US and their websites look almost authentic. But when you start checking the details, you realize some things don’t add up, such as an address that leads to an apartment complex.

**Consumer protection**

The Federal Trade Commission (FTC) has an article about utility scams, however the technique mentioned there is about scammers calling victims, rather than the other way around. For good reason many people won’t answer the phone when it shows an unknown number as it is likely yet another telemarketer. Certainly, there are victims that will answer the phone but the scam is much more effective when you are the one to initiate the call.

We have reported the fraudulent advertiser accounts to Google while we are also adding related domains to our blocklist. Remember to be extremely vigilant before calling anyone, especially if that number came from an advertisement. If in doubt, go directly to your utility company’s website using a computer and then look for a form or phone number that you can verify before dialing.

 Utility scams update 

# Details
## 1. All Imagick supported Fileformats are served without filtering

The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats imagemagick supports. With that we can create Files that are much larger in filesize than the original. For example we can create a .txt file for all thumbnails, and we get the text representation of the image.

We can demonstrate that with the pimcore demo: 

This Thumbnail is found on the Frontend: https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb__317__standardTeaser/11.8c64bd89.avif (12kb Filesize)

We can generate a text representation by simply changing the file extension: https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb__317__standardTeaser/11.8c64bd89.txt (4.59mb Filesize)

Other (large) fileformats we tested: ftxt, dip, bmp, bmp3, bmp2, farbfeld, cmyk, cmyka, ycbcr, ycbcra and many more (just check imagemagick supported formats)

With that we can fill the available space of a server really easy.

With formats like yaml or json we can also expose exif data of the original image file - could be a concern with gps data in user uploaded images.

### TLDR

- we can generate all imagemagick supported formats with all thumbnail configs
- all configs were the format is set to "auto (Web-optimized)" are vulnerable
- private (exif) data can be exposed.
- We can flood the the server with a bunch of files that are a multiple magnitudes of the original thumbnail size (see txt example), for all thumbnail configs, with every image that we find (scriptable)

### Proposed Solution

Implement a list of allowed formats that the developer can modify if needed, if a file is requested in another format than listed, pimcore should return either "/bundles/pimcoreadmin/img/filetype-not-supported.svg" or a 404.

```yaml
pimcore:
    thumbnails:
    	allowed_formats: ['jpg', 'png', 'avif', 'webp', 'gif']
```

For non-maintained Pimcore versions (<11), the webserver config could be used to only serve files that should be allowed. 

## 2. Non Web optimized file formats (ORIGINAL, JPG, PNG)  creates duplicated files on Server

With Thumbnail config that are configured to serve non web optimized file formats (such as ORIGINAL, jpg, png, print, etc) we can create files with arbitrary file formats that are saved to disk.

For example, the thumbnail configuration "print_backgroundimage" (in the pimcore demo) can be used to create files such as: 

https://demo.pimcore.fun/Car%20Images/jaguar/3/image-thumb__3__print_backgroundimage/auto-3095119.aaa
https://demo.pimcore.fun/Car%20Images/jaguar/3/image-thumb__3__print_backgroundimage/auto-3095119.aab
https://demo.pimcore.fun/Car%20Images/jaguar/3/image-thumb__3__print_backgroundimage/auto-3095119.aac 

Each request creates a new copy of the original (jpg) thumbnail file. The server can be flooded with a bunch of files.

Code for this mechanism is here: https://github.com/pimcore/pimcore/blob/11.x/models/Asset/Service.php#L621-L623

### Proposed Solution

Use same filtered list from "All Imagick supported Fileformats are served without filtering" and do not copy the arbitrary file to disk, just serve the original image file under the "new" name.

## 3. Scaling Factor is not limited and can be modified via url

We can scale each thumbnail to an arbitrary factor with @<float>x added to the request url.

For example: 

https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb__317__standardTeaser/11.8c64bd89@1x.avif
https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb__317__standardTeaser/11.8c64bd89@1.01x.avif
https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb__317__standardTeaser/11.8c64bd89@1.08x.avif
https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb__317__standardTeaser/11.8c64bd89@2x.avif

If the thumbnail config allows "forced" resizing, we could also do something like:

https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb__317__standardTeaser/11.8c64bd89@192x.avif  

Each request will create a new file, flooding the server with more files.
If the factor is big enough, we can also max out the CPU with a single request for quite some time (only really a problem with "forced")

In combination with the first vulnerability we can also generate (large) text files for scaled images:

https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb__317__standardTeaser/11.8c64bd89@4x.txt (6.6 mb filesize)

### Proposed solution

Limit scale factors with an allowlist:

```yaml
pimcore:
    thumbnails:
    	allowed_scale_factors: [1.25, 1.5, 2, 4]
```


# Impact
All Pimcore Instances are affected, as far as we can see, also all versions

**Details****1\. All Imagick supported Fileformats are served without filtering**

The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats imagemagick supports. With that we can create Files that are much larger in filesize than the original. For example we can create a .txt file for all thumbnails, and we get the text representation of the image.

We can demonstrate that with the pimcore demo:

This Thumbnail is found on the Frontend: https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb\_\_317\_\_standardTeaser/11.8c64bd89.avif (12kb Filesize)

We can generate a text representation by simply changing the file extension: https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb\_\_317\_\_standardTeaser/11.8c64bd89.txt (4.59mb Filesize)

Other (large) fileformats we tested: ftxt, dip, bmp, bmp3, bmp2, farbfeld, cmyk, cmyka, ycbcr, ycbcra and many more (just check imagemagick supported formats)

With that we can fill the available space of a server really easy.

With formats like yaml or json we can also expose exif data of the original image file - could be a concern with gps data in user uploaded images.

**TLDR**

*   we can generate all imagemagick supported formats with all thumbnail configs
*   all configs were the format is set to "auto (Web-optimized)" are vulnerable
*   private (exif) data can be exposed.
*   We can flood the the server with a bunch of files that are a multiple magnitudes of the original thumbnail size (see txt example), for all thumbnail configs, with every image that we find (scriptable)

**Proposed Solution**

Implement a list of allowed formats that the developer can modify if needed, if a file is requested in another format than listed, pimcore should return either "/bundles/pimcoreadmin/img/filetype-not-supported.svg" or a 404.

pimcore:
    thumbnails:
    	allowed\_formats: \['jpg', 'png', 'avif', 'webp', 'gif'\]

For non-maintained Pimcore versions (<11), the webserver config could be used to only serve files that should be allowed.

**2\. Non Web optimized file formats (ORIGINAL, JPG, PNG) creates duplicated files on Server**

With Thumbnail config that are configured to serve non web optimized file formats (such as ORIGINAL, jpg, png, print, etc) we can create files with arbitrary file formats that are saved to disk.

For example, the thumbnail configuration "print\_backgroundimage" (in the pimcore demo) can be used to create files such as:

https://demo.pimcore.fun/Car%20Images/jaguar/3/image-thumb\_\_3\_\_print\_backgroundimage/auto-3095119.aaa  
https://demo.pimcore.fun/Car%20Images/jaguar/3/image-thumb\_\_3\_\_print\_backgroundimage/auto-3095119.aab  
https://demo.pimcore.fun/Car%20Images/jaguar/3/image-thumb\_\_3\_\_print\_backgroundimage/auto-3095119.aac

Each request creates a new copy of the original (jpg) thumbnail file. The server can be flooded with a bunch of files.

Code for this mechanism is here: https://github.com/pimcore/pimcore/blob/11.x/models/Asset/Service.php#L621-L623

**Proposed Solution**

Use same filtered list from "All Imagick supported Fileformats are served without filtering" and do not copy the arbitrary file to disk, just serve the original image file under the "new" name.

**3\. Scaling Factor is not limited and can be modified via url**

We can scale each thumbnail to an arbitrary factor with @x added to the request url.

For example:

https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb\_\_317\_\_standardTeaser/11.8c64bd89@1x.avif  
https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb\_\_317\_\_standardTeaser/11.8c64bd89@1.01x.avif  
https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb\_\_317\_\_standardTeaser/11.8c64bd89@1.08x.avif  
https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb\_\_317\_\_standardTeaser/11.8c64bd89@2x.avif

If the thumbnail config allows "forced" resizing, we could also do something like:

https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb\_\_317\_\_standardTeaser/11.8c64bd89@192x.avif

Each request will create a new file, flooding the server with more files.  
If the factor is big enough, we can also max out the CPU with a single request for quite some time (only really a problem with "forced")

In combination with the first vulnerability we can also generate (large) text files for scaled images:

https://demo.pimcore.fun/Sample%20Content/Background%20Images/317/image-thumb\_\_317\_\_standardTeaser/11.8c64bd89@4x.txt (6.6 mb filesize)

**Proposed solution**

Limit scale factors with an allowlist:

pimcore:
    thumbnails:
    	allowed\_scale\_factors: \[1.25, 1.5, 2, 4\]

**Impact**

All Pimcore Instances are affected, as far as we can see, also all versions

**References**

*   GHSA-277c-5vvj-9pwx
*   https://nvd.nist.gov/vuln/detail/CVE-2024-32871
*   pimcore/pimcore@38af70b
*   pimcore/pimcore@a6821a1

GHSA-277c-5vvj-9pwx: Flooding Server with Thumbnail files

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

When Microsoft CEO Satya Nadella revealed the new Windows AI tool that can answer questions about your web browsing and laptop use, he said one of the “magical” things about it was that the data doesn’t leave your laptop; the Windows Recall system takes screenshots of your activity every five seconds and saves them on the device. But security experts say that data may not stay there for long.

Two weeks ahead of Recall’s launch on new Copilot+ PCs on June 18, security researchers have demonstrated how preview versions of the tool store the screenshots in an unencrypted database. The researchers say the data could easily be hoovered up by an attacker. And now, in a warning about how Recall could be abused by criminal hackers, Alex Hagenah, a cybersecurity strategist and ethical hacker, has released a demo tool that can automatically extract and display everything Recall records on a laptop.

Dubbed TotalRecall—yes, after the 1990 sci-fi film—the tool can pull all the information that Recall saves into its main database on a Windows laptop. “The database is unencrypted. It’s all plain text,” Hagenah says.⁩ Since Microsoft revealed Recall in mid-May, security researchers have repeatedly compared it to spyware or stalkerware that can track everything you do on your device. “It’s a Trojan 2.0 really, built in,” Hagenah says, adding that he built TotalRecall—which he’s releasing on GitHub—in order to show what is possible and to encourage Microsoft to make changes before Recall fully launches.

The company unveiled Recall as part of a Surface laptop event last month. The tool continuously takes screenshots of whatever’s happening on your PC. Recall is intended to allow people to “retrieve” things you’ve done on your machine—whether it’s web pages you’ve visited or messages you’ve been sent—using natural language search queries. Microsoft’s description of the tool says Recall could be used to search for recipes you’ve looked at online but whose websites you’ve forgotten.

TotalRecall, Hagenah says, can automatically work out where the Recall database is on a laptop and then make a copy of the file, parsing all the data as it does so. While Microsoft’s new Copilot+ PCs aren’t out yet, it’s possible to use Recall by emulating a version of the devices. “It does everything automatically,” he says. The system can set a date range for extracting the data—for instance, pulling information from only one specific week or day. Pulling one day of screenshots from Recall, which stores its information in an SQLite database, took two seconds at most, Hagenah⁩ says.

Included in what the database captures are screenshots of whatever is on your desktop—a potential gold mine for criminal hackers or domestic abusers who may physically access their victim’s device. Images include captures of messages sent on encrypted messaging apps Signal and WhatsApp, and remain in the captures regardless of whether disappearing messages are turned on in the apps. There are records of websites visited and every bit of text displayed on the PC. Once TotalRecall has been deployed, it will generate a summary about the data; it is also possible to search for specific terms in the database.

Hagenah⁩ says an attacker could get a huge amount of information about their target, including insights into their emails, personal conversations, and any sensitive information that’s captured by Recall.

Hagenah’s work builds on findings from cybersecurity researcher Kevin Beaumont, who has detailed how much information Recall captures and how easy it can be to extract it. Beaumont also says he has built a website where a Recall database can be uploaded and instantly searched. He says he hasn’t released the site yet, to allow Microsoft time to potentially change the system. “InfoStealer trojans, which automatically steal usernames and passwords, are a major problem for well over a decade—now these can just be easily modified to support Recall,” Beaumont writes.

The criticisms come as hacks of Microsoft systems have led to various US government data breaches; Nadella has said security should be Microsoft’s “top priority.” Microsoft did not respond to WIRED’s request for comment about the security features of Recall by the time of publication.

Recall’s privacy pages say it is possible to disable saving screenshots (effectively turning Recall off), pause the system temporarily, filter applications where screenshots are taken, and delete what is gathered at any time. Recall runs on the laptop itself, storing data it captures on the device and not sending this information to Microsoft’s servers. Hagenah⁩ says this claim appears to be true, with no signs that data is sent to Microsoft.

Microsoft is, at least, aware of some of the possible privacy and security-related issues with Recall: Its help pages say the system does not perform any content moderation on what is contained in the images it saves. This means, Microsoft says in the guide, that it won’t “hide information such as passwords or financial account numbers.” Security researchers have already been able to extract passwords from Recall.

Recall’s main database is stored on the laptop’s system directory, and while it needs administrator rights to access, privilege escalation attacks have been around for years, making it theoretically possible for an attacker to gain initial access to a device remotely.

Hagenah⁩ says that in cases of employers with “bring your own devices” policies, there’s a risk of someone leaving with huge volumes of company data saved on their laptops. That’s a particular risk if they’re disgruntled or leave on bad terms, he says. The UK’s data protection regulator, the Information Commissioner’s Office, has asked Microsoft to provide more details about Recall and its privacy.

While Recall remains as a “preview” feature and, according to Microsoft’s small print, could change before it launches, Beaumont writes in his research that the company “should recall Recall and rework it to be the feature it deserves to be, delivered at a later date.” He adds: “They also need to review the internal decisionmaking that led to this situation, as this kind of thing should not happen.”

This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

Red Hat Security Advisory 2024-3576-03 - New images are available for Red Hat build of Keycloak 24.0.5 and Red Hat build of Keycloak 24.0.5 Operator, running on OpenShift Container Platform.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3576.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat build of Keycloak 24.0.5 Images enhancement and security updateAdvisory ID:        RHSA-2024:3576-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3576Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-4540====================================================================Summary: New images are available for Red Hat build of Keycloak 24.0.5 and Red Hat build of Keycloak 24.0.5 Operator, running on OpenShift Container PlatformRed Hat Product Security has rated this update as having a security impact ofLow. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 24.0.5 clusters.This erratum releases new images for Red Hat build of Keycloak 24.0.5 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.Security Fix(es):* exposure of sensitive information in Pushed Authorization Requests (PAR)KC_RESTART cookie (CVE-2024-4540)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:CVEs:CVE-2024-4540References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2279303

Red Hat Security Advisory 2024-3576-03

Red Hat Security Advisory 2024-3575-03 - An update is now available for Red Hat build of Keycloak.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3575.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat build of Keycloak 24.0.5 enhancement and security updateAdvisory ID:        RHSA-2024:3575-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3575Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-4540====================================================================Summary: An update is now available for Red Hat build of Keycloak.Red Hat Product Security has rated this update as having a security impact ofLow. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Red Hat build of Keycloak 24.0.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.Security Fix(es):* exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie (CVE-2024-4540)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:CVEs:CVE-2024-4540References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2279303

Red Hat Security Advisory 2024-3575-03

Red Hat Security Advisory 2024-3574-03 - New Red Hat build of Keycloak 22.0.11 packages are available from the Customer Portal.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3574.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat build of Keycloak 22.0.11 enhancement and security updateAdvisory ID:        RHSA-2024:3574-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3574Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-4540====================================================================Summary: New Red Hat build of Keycloak 22.0.11 packages are available from the Customer PortalRed Hat Product Security has rated this update as having a security impact ofLow. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Red Hat build of Keycloak 22.0.11 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat build of Keycloak 22.0.11 serves as a replacement for Red Hat Single Sign-On 7.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es):* exposure of sensitive information in Pushed Authorization Requests (PAR)KC_RESTART cookie (CVE-2024-4540)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:CVEs:CVE-2024-4540References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2279303

Red Hat Security Advisory 2024-3574-03

Red Hat Security Advisory 2024-3573-03 - New images are available for Red Hat build of Keycloak 22.0.11 and Red Hat build of Keycloak 22.0.11 Operator, running on OpenShift Container Platform.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3573.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat build of Keycloak 22.0.11 Images enhancement and security updateAdvisory ID:        RHSA-2024:3573-03Product:            Red Hat build of KeycloakAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3573Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-4540====================================================================Summary: New images are available for Red Hat build of Keycloak 22.0.11 and Red Hat build of Keycloak 22.0.11 Operator, running on OpenShift Container PlatformRed Hat Product Security has rated this update as having a security impact ofLow. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 22.0.11 clusters.This erratum releases new images for Red Hat build of Keycloak 22.0.11 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.Security Fix(es):* exposure of sensitive information in Pushed Authorization Requests (PAR)KC_RESTART cookie (CVE-2024-4540)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:CVEs:CVE-2024-4540References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2279303

Red Hat Security Advisory 2024-3573-03

Red Hat Security Advisory 2024-3572-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3572.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat Single Sign-On 7.6.9 security updateAdvisory ID:        RHSA-2024:3572-03Product:            Red Hat Single Sign-OnAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3572Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-4540====================================================================Summary: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.Red Hat Product Security has rated this update as having a security impact of Low and package name 'rh-sso7-keycloak'. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:<< AUTOMATICALLY GENERATED, EDIT PLEASE >>Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.6.9 serves as a replacement for Red Hat Single Sign-On 7.6.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es):* exposure of sensitive information in Pushed Authorization Requests (PAR)KC_RESTART cookie (CVE-2024-4540)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2024-4540References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2279303

Red Hat Security Advisory 2024-3572-03

Red Hat Security Advisory 2024-3570-03 - A new image is available for Red Hat Single Sign-On 7.6.9, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3570.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat Single Sign-On 7.6.9 for OpenShift image enhancement updateAdvisory ID:        RHSA-2024:3570-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3570Issue date:         2024-06-03Revision:           03CVE Names:          CVE-2024-4540====================================================================Summary: A new image is available for Red Hat Single Sign-On 7.6.9, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.Red Hat Product Security has rated this update as having a security impact of Low and package name 'rh-sso7-keycloak'. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Single Sign-On is an integrated sign-on solution, available as aRed Hat JBoss Middleware for OpenShift containerized image. The Red HatSingle Sign-On for OpenShift image provides an authentication server thatyou can use to log in centrally, log out, and register. You can also manageuser accounts for web applications, mobile applications, and RESTful webservices.This erratum releases a new image for Red Hat Single Sign-On 7.6.9 foruse within the OpenShift Container Platform 3.10, OpenShift Container Platform3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) foron-premise or private cloud deployments, aligning with the standalone product release.Security Fix(es):* exposure of sensitive information in Pushed Authorization Requests (PAR)KC_RESTART cookie (CVE-2024-4540)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.9.GA/templates/${resource}CVEs:CVE-2024-4540References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2279303

Tag

#web