CVE-2023-6484

EPSS 0.39%
Veröffentlicht 25.04.2024 16:15:09
Zuletzt bearbeitet 21.11.2024 08:43:56
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 18

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://www.keycloak.org/

≫

Paket keycloak

Default Statusunaffected

Version < 22.0.9

Version 0

Status affected

Version < 23.0.5

Version 23.0.0

Status affected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 22

Default Statusaffected

Version < *

Version 22.0.10-1

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 22

Default Statusaffected

Version < *

Version 22-13

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 22

Default Statusaffected

Version < *

Version 22-16

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 22.0.10

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7.6 for RHEL 7

Default Statusaffected

Version < *

Version 0:18.0.12-1.redhat_00001.1.el7sso

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7.6 for RHEL 7

Default Statusaffected

Version < *

Version 0:18.0.13-1.redhat_00001.1.el7sso

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7.6 for RHEL 8

Default Statusaffected

Version < *

Version 0:18.0.12-1.redhat_00001.1.el8sso

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7.6 for RHEL 8

Default Statusaffected

Version < *

Version 0:18.0.13-1.redhat_00001.1.el8sso

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7.6 for RHEL 9

Default Statusaffected

Version < *

Version 0:18.0.12-1.redhat_00001.1.el9sso

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7.6 for RHEL 9

Default Statusaffected

Version < *

Version 0:18.0.13-1.redhat_00001.1.el9sso

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.6-41

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.6-46

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.6-16

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.6-18

Status unaffected

HerstellerRed Hat

≫

Produkt RHEL-8 based Middleware Containers

Default Statusaffected

Version < *

Version 7.6.8-2

Status unaffected

HerstellerRed Hat

≫

Produkt RHSSO 7.6.8

Default Statusunaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.592

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-117 Improper Output Neutralization for Logs

The product does not neutralize or incorrectly neutralizes output that is written to logs.

https://access.redhat.com/errata/RHSA-2024:0798

https://access.redhat.com/errata/RHSA-2024:0799

https://access.redhat.com/errata/RHSA-2024:0800

https://access.redhat.com/errata/RHSA-2024:0801

https://access.redhat.com/errata/RHSA-2024:0804

https://access.redhat.com/errata/RHSA-2024:1860

https://access.redhat.com/errata/RHSA-2024:1861

https://access.redhat.com/errata/RHSA-2024:1862

https://access.redhat.com/errata/RHSA-2024:1864

https://access.redhat.com/errata/RHSA-2024:1866

https://access.redhat.com/errata/RHSA-2024:1867

https://access.redhat.com/errata/RHSA-2024:1868

https://access.redhat.com/errata/RHSA-2024:1865

https://access.redhat.com/security/cve/CVE-2023-6484

https://bugzilla.redhat.com/show_bug.cgi?id=2248423

https://nvd.nist.gov/vuln/detail/CVE-2023-6484

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6484

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6484

EUVD