CVE-2023-0264

Published: 04 Aug 2023
Source: debian

Description

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| keycloak | itp | | | package |

Related vulnerabilities

CVSS3: 4.6
redhat
almost 3 years ago

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

CVSS3: 5
nvd
more than 2 years ago

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

CVSS3: 8.7
github
almost 3 years ago

Keycloak vulnerable to user impersonation via stolen UUID code

CVSS3: 7.1
fstec
almost 3 years ago

Vulnerability in the OpenID Connect Login service of the Keycloak identity and access management software that allows an attacker to create new session tokens and affect the confidentiality, integrity, and availability of protected information