Description
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
EPSS
Percentile: 12%
0.0004
Low
3.4 Low
CVSS3
Weaknesses
CWE-273
Related vulnerabilities
CVSS3: 3.4
redhat
almost 2 years ago
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
CVSS3: 3.4
debian
about 1 year ago
A flaw was found in Keycloak. This issue occurs due to improperly enfo ...
CVSS3: 3.4
github
almost 2 years ago
Keycloak vulnerable to impersonation via logout token exchange