5.4

CVE-2023-6544

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Collection URL https://github.com/keycloak/keycloak
Package org.keycloak:keycloak-services
Default Status unaffected
Version < 22.0.10
Version 22.0.0
Status affected
Version < 24.0.3
Version 23.0.0
Status affected
Vendor Red Hat
Product Red Hat build of Keycloak 22
Default Status affected
Version < *
Version 22.0.10-1
Status unaffected
Vendor Red Hat
Product Red Hat build of Keycloak 22
Default Status affected
Version < *
Version 22-13
Status unaffected
Vendor Red Hat
Product Red Hat build of Keycloak 22
Default Status affected
Version < *
Version 22-16
Status unaffected
Vendor Red Hat
Product Red Hat build of Keycloak 22.0.10
Default Status unaffected
Vendor Red Hat
Product Red Hat Single Sign-On 7.6 for RHEL 7
Default Status affected
Version < *
Version 0:18.0.13-1.redhat_00001.1.el7sso
Status unaffected
Vendor Red Hat
Product Red Hat Single Sign-On 7.6 for RHEL 8
Default Status affected
Version < *
Version 0:18.0.13-1.redhat_00001.1.el8sso
Status unaffected
Vendor Red Hat
Product Red Hat Single Sign-On 7.6 for RHEL 9
Default Status affected
Version < *
Version 0:18.0.13-1.redhat_00001.1.el9sso
Status unaffected
Vendor Red Hat
Product RHEL-8 based Middleware Containers
Default Status affected
Version < *
Version 7.6-46
Status unaffected
Vendor Red Hat
Product RHSSO 7.6.8
Default Status unaffected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.36% 0.571
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
secalert@redhat.com 5.4 2.8 2.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE-625 Permissive Regular Expression

The product uses a regular expression that does not sufficiently restrict the set of allowed values.