A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.
rh-sso-7/sso76 Rocky
Fixed in: openshift-rhel8@sha256:d55d98c3e4258b1423420db9901b498535661aa3a09e8be4eb47250e400df8a6_amd64 RHSA-2024:6497 Fixed in: openshift-rhel8@sha256:40c47f9cae2331f55c1528a7df659f4d06834eb1e1a35ff9fe70a8646f4b2b42_ppc64le RHSA-2024:6497 Fixed in: openshift-rhel8@sha256:d6ee9ecf6b34e8981017dd1f8b51e6e3e6ccdfcf689835180c97eae9f28ba1ad_s390x RHSA-2024:6497 rh-sso-7/sso76 Red Hat / RHEL
Fixed in: openshift-rhel8@sha256:40c47f9cae2331f55c1528a7df659f4d06834eb1e1a35ff9fe70a8646f4b2b42_ppc64le RHSA-2024:6497 Fixed in: openshift-rhel8@sha256:d6ee9ecf6b34e8981017dd1f8b51e6e3e6ccdfcf689835180c97eae9f28ba1ad_s390x RHSA-2024:6497 Fixed in: openshift-rhel8@sha256:d55d98c3e4258b1423420db9901b498535661aa3a09e8be4eb47250e400df8a6_amd64 RHSA-2024:6497 rh-sso7-keycloak Red Hat / RHEL
rh-sso7-keycloak-server Rocky
rh-sso7-keycloak-server Red Hat / RHEL
rhbk/keycloak Rocky
Fixed in: rhel9-operator@sha256:0b6f71aa1735670a881e0c9fd6c95851f077fb204e004beffc8481d7220ae095_s390x RHSA-2024:6502 Fixed in: rhel9@sha256:00a713fd08f68df2e3b06c9131eb732febb70e795e0345e7a5df1d1fb8ac45b4_amd64 RHSA-2024:6502 Fixed in: operator-bundle@sha256:c8d17b07c4e84a514529674d019668e003f85a672f30213ba9320aa81f64d010_amd64 RHSA-2024:6502 Fixed in: rhel9-operator@sha256:201b5716a28a2d31338a75e844259f278612354010c6c3ac1ccfb60bd194df29_amd64 RHSA-2024:6502 Fixed in: rhel9@sha256:71ca272bd39f0b082758f0c82df1302d9b51a5b445010944f734242bbe2eefb6_ppc64le RHSA-2024:6502 Fixed in: rhel9@sha256:6fd26b6c895ab17f670e119376a956400fe35b2b3ea99a07a5fa4dd08cb8eb95_amd64 RHSA-2024:6500 Fixed in: operator-bundle@sha256:43fc6282df4d91c68a9618f9bf2a4159690e69c207b8ba60e907dd64847fdc53_amd64 RHSA-2024:6500 Fixed in: rhel9-operator@sha256:73e1d687a59f2adff13c64109c9f7da91e340c73eae673905360bf86925820e8_amd64 RHSA-2024:6500 Fixed in: rhel9@sha256:cdfa1a0a652fbbb8291afe1db95bc30bd39a2f2e5fbc085825b56c51bdc78748_s390x RHSA-2024:6500 Fixed in: rhel9-operator@sha256:29626722accc2d089262f4ef101819a46b4ea608e1865fd59ea5ac3b3661e9ec_s390x RHSA-2024:6500 Fixed in: rhel9@sha256:4997cbb3b782b64e7b4c14d2cd0ac6cc98aa8d76bd538ccf46f48493fcf30837_ppc64le RHSA-2024:6500 Fixed in: rhel9-operator@sha256:a5bdad714236fe8b179215915b1cb466fe5b0c3d5da1cfe0debd8c963084f4bb_ppc64le RHSA-2024:6500 Fixed in: rhel9-operator@sha256:b46a8d3105bf1e3a31ca707b032223b38cf3381a57f7f44a150f399b68115346_ppc64le RHSA-2024:6502 Fixed in: rhel9@sha256:991795cc7cdb6a2ccc55c935a34291a01a9784be306ec980eb3904d64466629e_s390x RHSA-2024:6502 rhbk/keycloak Red Hat / RHEL
Fixed in: rhel9@sha256:6fd26b6c895ab17f670e119376a956400fe35b2b3ea99a07a5fa4dd08cb8eb95_amd64 RHSA-2024:6500 Fixed in: operator-bundle@sha256:43fc6282df4d91c68a9618f9bf2a4159690e69c207b8ba60e907dd64847fdc53_amd64 RHSA-2024:6500 Fixed in: rhel9-operator@sha256:73e1d687a59f2adff13c64109c9f7da91e340c73eae673905360bf86925820e8_amd64 RHSA-2024:6500 Fixed in: rhel9@sha256:cdfa1a0a652fbbb8291afe1db95bc30bd39a2f2e5fbc085825b56c51bdc78748_s390x RHSA-2024:6500 Fixed in: rhel9-operator@sha256:29626722accc2d089262f4ef101819a46b4ea608e1865fd59ea5ac3b3661e9ec_s390x RHSA-2024:6500 Fixed in: rhel9@sha256:4997cbb3b782b64e7b4c14d2cd0ac6cc98aa8d76bd538ccf46f48493fcf30837_ppc64le RHSA-2024:6500 Fixed in: rhel9-operator@sha256:a5bdad714236fe8b179215915b1cb466fe5b0c3d5da1cfe0debd8c963084f4bb_ppc64le RHSA-2024:6500 Fixed in: rhel9@sha256:71ca272bd39f0b082758f0c82df1302d9b51a5b445010944f734242bbe2eefb6_ppc64le RHSA-2024:6502 Fixed in: rhel9-operator@sha256:b46a8d3105bf1e3a31ca707b032223b38cf3381a57f7f44a150f399b68115346_ppc64le RHSA-2024:6502 Fixed in: rhel9@sha256:991795cc7cdb6a2ccc55c935a34291a01a9784be306ec980eb3904d64466629e_s390x RHSA-2024:6502 Fixed in: rhel9-operator@sha256:0b6f71aa1735670a881e0c9fd6c95851f077fb204e004beffc8481d7220ae095_s390x RHSA-2024:6502 Fixed in: rhel9@sha256:00a713fd08f68df2e3b06c9131eb732febb70e795e0345e7a5df1d1fb8ac45b4_amd64 RHSA-2024:6502 Fixed in: operator-bundle@sha256:c8d17b07c4e84a514529674d019668e003f85a672f30213ba9320aa81f64d010_amd64 RHSA-2024:6502 Fixed in: rhel9-operator@sha256:201b5716a28a2d31338a75e844259f278612354010c6c3ac1ccfb60bd194df29_amd64 RHSA-2024:6502 Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Impact
Confidentiality High
Integrity High
Availability High
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
0.80% probability of exploitation in 30 days
52nd percentile
Moderate risk: more likely to be exploited than 52% of all known CVEs.
Other CWE-384 vulnerabilities, ordered by exploit likelihood. View all
Embed a live status badge for CVE-2024-7341 Markdown
[](https://tridentstack.com/cve/CVE-2024-7341)HTML
<a href="https://tridentstack.com/cve/CVE-2024-7341"><img src="https://tridentstack.com/cve/badge/CVE-2024-7341.svg" alt="CVE-2024-7341"></a>Find and fix vulnerabilities across your fleet TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start free This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-03-27.