Описание
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.
EPSS
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.
A flaw was found in the keycloak-services component of Keycloak. This ...
Keycloak services allows the issuance of access and refresh tokens for disabled users
Уязвимость компонента keycloak-services программного средства для управления идентификацией и доступом Keycloak, позволяющая нарушителю повысить свои привилегии
EPSS
6.5 Medium
CVSS3