Описание
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
Ссылки
- Vendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00838
Низкий
4.6 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-601
CWE-601
Связанные уязвимости
CVSS3: 4.6
redhat
около 2 лет назад
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
CVSS3: 4.6
debian
около 2 лет назад
A flaw was found in Keycloak. This issue may allow an attacker to stea ...
CVSS3: 4.6
github
около 2 лет назад
keycloak-core: open redirect via "form_post.jwt" JARM response mode
EPSS
Процентиль: 74%
0.00838
Низкий
4.6 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-601
CWE-601