5
CVE-2023-0264
- EPSS 3.94%
- Published 04.08.2023 18:15:11
- Last modified 21.11.2024 07:36:51
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Single Sign-on Version < 7.6.2
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Openshift Container Platform Version4.9
Redhat ≫ Openshift Container Platform Version4.10
Redhat ≫ Openshift Container Platform For Ibm Linuxone Version4.9
Redhat ≫ Openshift Container Platform For Ibm Linuxone Version4.10
Redhat ≫ Openshift Container Platform Ibm Z Systems Version4.9
Redhat ≫ Openshift Container Platform Ibm Z Systems Version4.10
Redhat ≫ Single Sign-on Version < 7.6.2
Redhat ≫ Single Sign-on Version- SwEditiontext-only
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.94% | 0.879 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 1.6 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.