
CVE-2023-0091

Published: 28 Oct 2022
Source: redhat
CVSS3: 3.8

Description

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

Additional information

Status: Low
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2158585 keycloak: Client Registration endpoint does not check token revocation

3.8 Low

CVSS3

Related vulnerabilities

CVSS3: 3.8
nvd
about 3 years ago

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

CVSS3: 3.8
debian
about 3 years ago

A flaw was found in Keycloak, where it did not properly check client t ...

CVSS3: 6.5
github
about 3 years ago

Keycloak has lack of validation of access token on client registrations endpoint
