Описание
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
- Issue Tracking
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
- Issue Tracking
Уязвимые конфигурации
Одновременно
Одно из
Одновременно
Одно из
Одновременно
Одно из
Одновременно
Одно из
EPSS
7.7 High
CVSS3
Дефекты
Связанные уязвимости
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.
An unconstrained memory consumption vulnerability was discovered in Ke ...
Allocation of Resources Without Limits in Keycloak
EPSS
7.7 High
CVSS3