CVE-2023-0657 (CVSS v3.1 base score 3.4)
- EPSS 0.06%
- Published 17.11.2024 11:15:05
- Last modified 18.11.2024 17:11:17
- Source secalert@redhat.com
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
CPE matching: linked by AI from the unstructured CNA data to existing CPE entries in the NVD.
The affected-version data below is provided by the CVE Program via a CVE Numbering Authority (CNA), in unstructured form.
Collection URL: https://github.com/keycloak/keycloak

Affected and fixed versions (as stated by the CNA):

Package / Product | Vendor | Default status | Version range | Status |
---|---|---|---|---|
keycloak | (upstream) | unaffected | >= 0, < 22.0.10 | affected |
keycloak | (upstream) | unaffected | >= 23.0.0, < 24.0.3 | affected |
Red Hat build of Keycloak 22 | Red Hat | affected | >= 22.0.10-1 (no upper bound) | unaffected |
Red Hat build of Keycloak 22 | Red Hat | affected | >= 22-13 (no upper bound) | unaffected |
Red Hat build of Keycloak 22 | Red Hat | affected | >= 22-16 (no upper bound) | unaffected |
Red Hat build of Keycloak 22.0.10 | Red Hat | unaffected | (all) | unaffected |
Red Hat Single Sign-On 7 | Red Hat | affected | (all) | affected |
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.06% | 0.196 (19.6th percentile) |

Source | Base Score | Exploitability Score | Impact Score | Vector string |
---|---|---|---|---|
secalert@redhat.com | 3.4 | 0.9 | 2.5 | CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N |
CWE-273 Improper Check for Dropped Privileges
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.