CVE-2023-0091

EPSS 0.23%
Veröffentlicht 13.01.2023 06:15:11
Zuletzt bearbeitet 09.04.2025 15:15:56
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Lack of validation of access token on client registrations endpoint

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

Mögliche Gegenmaßnahme

Keycloak Server: Install latest version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Keycloak Version-

Redhat ≫ Single Sign-on Version7.0

Weitere Schwachstelleninformationen

SystemKeycloak

≫

Produkt Keycloak Server

Version < 20.0.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.46

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.8	1.2	2.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	3.8	1.2	2.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://access.redhat.com/security/cve/CVE-2023-0091

Vendor Advisory

https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0091

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0091

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0091

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-0091