Description
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Simultaneously
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
EPSS
Percentile: 27%
0.00097
Low
3.8 Low
CVSS3
Weaknesses
CWE-863
Related vulnerabilities
CVSS3: 3.8
redhat
more than 3 years ago
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
CVSS3: 3.8
debian
about 3 years ago
A flaw was found in Keycloak, where it did not properly check client t ...
CVSS3: 6.5
github
about 3 years ago
Keycloak has lack of validation of access token on client registrations endpoint