5.3
CVE-2023-6484
- EPSS 1.01%
- Veröffentlicht 25.04.2024 16:15:09
- Zuletzt bearbeitet 26.06.2026 08:16:20
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Keycloak: log injection during webauthn authentication or registration
Log Injection during WebAuthn authentication or registration
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
Mögliche Gegenmaßnahme
Keycloak Server: Install latest version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://www.keycloak.org/
≫
Paket
keycloak
Default Statusunaffected
Version
0
Version <
22.0.9
Status
affected
Version
23.0.0
Version <
23.0.5
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 22
Default Statusaffected
Version
22.0.10-1
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 22
Default Statusaffected
Version
22-13
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 22
Default Statusaffected
Version
22-16
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 22.0.10
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Single Sign-On 7
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Single Sign-On 7.6 for RHEL 7
Default Statusaffected
Version
0:18.0.12-1.redhat_00001.1.el7sso
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Single Sign-On 7.6 for RHEL 7
Default Statusaffected
Version
0:18.0.13-1.redhat_00001.1.el7sso
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Single Sign-On 7.6 for RHEL 8
Default Statusaffected
Version
0:18.0.12-1.redhat_00001.1.el8sso
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Single Sign-On 7.6 for RHEL 8
Default Statusaffected
Version
0:18.0.13-1.redhat_00001.1.el8sso
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Single Sign-On 7.6 for RHEL 9
Default Statusaffected
Version
0:18.0.12-1.redhat_00001.1.el9sso
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Single Sign-On 7.6 for RHEL 9
Default Statusaffected
Version
0:18.0.13-1.redhat_00001.1.el9sso
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
RHEL-8 based Middleware Containers
Default Statusaffected
Version
7.6-41
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
RHEL-8 based Middleware Containers
Default Statusaffected
Version
7.6-46
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
RHEL-8 based Middleware Containers
Default Statusaffected
Version
7.6-16
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
RHEL-8 based Middleware Containers
Default Statusaffected
Version
7.6-18
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
RHEL-8 based Middleware Containers
Default Statusaffected
Version
7.6.8-2
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
RHSSO 7.6.8
Default Statusunaffected
VulnDex Vulnerability Enrichment
Weitere Schwachstelleninformationen
SystemKeycloak
≫
Produkt
Keycloak Server
Version
>= 0.0.0, < 22.0.9
Version
>= 23.0.0, < 23.0.5
Version
>= 24.0.0, < 24.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.01% | 0.585 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-117 Improper Output Neutralization for Logs
The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
https://access.redhat.com/errata/RHSA-2024:0798
https://access.redhat.com/errata/RHSA-2024:0799
https://access.redhat.com/errata/RHSA-2024:0800
https://access.redhat.com/errata/RHSA-2024:0801
https://access.redhat.com/errata/RHSA-2024:0804
https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/errata/RHSA-2024:1865
https://access.redhat.com/security/cve/CVE-2023-6484
https://bugzilla.redhat.com/show_bug.cgi?id=2248423
https://github.com/advisories/GHSA-j628-q885-8gr5
https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5