CVE-2023-0657

Published: 17 Nov 2024
Source: debian
EPSS: Low

Description

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

Packages

Package | Status | Fixed version | Release | Type
keycloak | itp | | | package

EPSS

Percentile: 12%
0.0004
Low

Related vulnerabilities

CVSS3: 3.4
redhat
almost 2 years ago

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

CVSS3: 3.4
nvd
about 1 year ago

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

CVSS3: 3.4
github
almost 2 years ago

Keycloak vulnerable to impersonation via logout token exchange
