Описание
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| keycloak | itp | package |
EPSS
Процентиль: 27%
0.00097
Низкий
Связанные уязвимости
CVSS3: 3.8
redhat
больше 3 лет назад
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
CVSS3: 3.8
nvd
около 3 лет назад
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
CVSS3: 6.5
github
около 3 лет назад
Keycloak has lack of validation of access token on client registrations endpoint
EPSS
Процентиль: 27%
0.00097
Низкий