5.3

CVE-2023-6484

Keycloak: log injection during webauthn authentication or registration

Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
Mögliche Gegenmaßnahme
Keycloak Server: Install latest version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://www.keycloak.org/
Paket keycloak
Default Statusunaffected
Version 0
Version < 22.0.9
Status affected
Version 23.0.0
Version < 23.0.5
Status affected
HerstellerRed Hat
Produkt Red Hat build of Keycloak 22
Default Statusaffected
Version 22.0.10-1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat build of Keycloak 22
Default Statusaffected
Version 22-13
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat build of Keycloak 22
Default Statusaffected
Version 22-16
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat build of Keycloak 22.0.10
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Single Sign-On 7
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Single Sign-On 7.6 for RHEL 7
Default Statusaffected
Version 0:18.0.12-1.redhat_00001.1.el7sso
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Single Sign-On 7.6 for RHEL 7
Default Statusaffected
Version 0:18.0.13-1.redhat_00001.1.el7sso
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Single Sign-On 7.6 for RHEL 8
Default Statusaffected
Version 0:18.0.12-1.redhat_00001.1.el8sso
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Single Sign-On 7.6 for RHEL 8
Default Statusaffected
Version 0:18.0.13-1.redhat_00001.1.el8sso
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Single Sign-On 7.6 for RHEL 9
Default Statusaffected
Version 0:18.0.12-1.redhat_00001.1.el9sso
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Single Sign-On 7.6 for RHEL 9
Default Statusaffected
Version 0:18.0.13-1.redhat_00001.1.el9sso
Version < *
Status unaffected
HerstellerRed Hat
Produkt RHEL-8 based Middleware Containers
Default Statusaffected
Version 7.6-41
Version < *
Status unaffected
HerstellerRed Hat
Produkt RHEL-8 based Middleware Containers
Default Statusaffected
Version 7.6-46
Version < *
Status unaffected
HerstellerRed Hat
Produkt RHEL-8 based Middleware Containers
Default Statusaffected
Version 7.6-16
Version < *
Status unaffected
HerstellerRed Hat
Produkt RHEL-8 based Middleware Containers
Default Statusaffected
Version 7.6-18
Version < *
Status unaffected
HerstellerRed Hat
Produkt RHEL-8 based Middleware Containers
Default Statusaffected
Version 7.6.8-2
Version < *
Status unaffected
HerstellerRed Hat
Produkt RHSSO 7.6.8
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemKeycloak
Produkt Keycloak Server
Version >= 0.0.0, < 22.0.9
Version >= 23.0.0, < 23.0.5
Version >= 24.0.0, < 24.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.01% 0.585
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-117 Improper Output Neutralization for Logs

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

https://access.redhat.com/errata/RHSA-2024:0798
https://access.redhat.com/errata/RHSA-2024:0799
https://access.redhat.com/errata/RHSA-2024:0800
https://access.redhat.com/errata/RHSA-2024:0801
https://access.redhat.com/errata/RHSA-2024:0804
https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/errata/RHSA-2024:1865
https://access.redhat.com/security/cve/CVE-2023-6484
https://bugzilla.redhat.com/show_bug.cgi?id=2248423
https://github.com/advisories/GHSA-j628-q885-8gr5
https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5
Third Party Advisory