CVE-2023-6544

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.

Linked by AI from unstructured data to existing NVD CPEs.
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Affected products (as reported by the CNA)

Upstream package
  Collection URL   https://github.com/keycloak/keycloak
  Package          org.keycloak:keycloak-services
  Default status   unaffected
  Versions         22.0.0 up to (excluding) 22.0.10   affected
                   23.0.0 up to (excluding) 24.0.3    affected

Red Hat products (version entries are given as "Version X, < *", i.e. version X and all later versions)
  Vendor   Product                                  Default status   Unaffected from version               Status
  Red Hat  Red Hat build of Keycloak 22             affected         22.0.10-1                             unaffected
  Red Hat  Red Hat build of Keycloak 22             affected         22-13                                 unaffected
  Red Hat  Red Hat build of Keycloak 22             affected         22-16                                 unaffected
  Red Hat  Red Hat build of Keycloak 22.0.10        unaffected       -                                     -
  Red Hat  Red Hat Single Sign-On 7.6 for RHEL 7    affected         0:18.0.13-1.redhat_00001.1.el7sso     unaffected
  Red Hat  Red Hat Single Sign-On 7.6 for RHEL 8    affected         0:18.0.13-1.redhat_00001.1.el8sso     unaffected
  Red Hat  Red Hat Single Sign-On 7.6 for RHEL 9    affected         0:18.0.13-1.redhat_00001.1.el9sso     unaffected
  Red Hat  RHEL-8 based Middleware Containers       affected         7.6-46                                unaffected
  Red Hat  RHSSO 7.6.8                              unaffected       -                                     -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS metrics
  Type   Source      Score   Percentile
  EPSS   FIRST.org   0.36%   0.571

CVSS metrics
  Source                 Base score   Exploitability score   Impact score   Vector string
  secalert@redhat.com    5.4          2.8                    2.5            CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE-625 Permissive Regular Expression

The product uses a regular expression that does not sufficiently restrict the set of allowed values.