exploitDog
CVE-2023-0264

Published: 28 Feb 2023
Source: redhat
CVSS3: 4.6

Description

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

Affected packages

Platform | Package | Status | Advisory | Release
Red Hat A-MQ Online | keycloak-services | Not affected | |
Red Hat JBoss Enterprise Application Platform 6 | keycloak-services | Not affected | |
Red Hat Single Sign-On 7 | | Fixed | RHSA-2023:1049 | 01.03.2023
Red Hat Single Sign-On 7.6 for RHEL 7 | rh-sso7-keycloak | Fixed | RHSA-2023:1043 | 01.03.2023
Red Hat Single Sign-On 7.6 for RHEL 8 | rh-sso7-keycloak | Fixed | RHSA-2023:1044 | 01.03.2023
Red Hat Single Sign-On 7.6 for RHEL 9 | rh-sso7-keycloak | Fixed | RHSA-2023:1045 | 01.03.2023
RHEL-8 based Middleware Containers | rh-sso-7/sso76-openshift-rhel8 | Fixed | RHSA-2023:1047 | 01.03.2023

Additional information

Status: Moderate
Defect: CWE-303
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2160585
Title: keycloak: user impersonation via stolen uuid code

CVSS3: 4.6 Medium

Related vulnerabilities

CVSS3: 5
nvd
more than 2 years ago

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

CVSS3: 5
debian
more than 2 years ago

A flaw was found in Keycloaks OpenID Connect user authentication, whic ...

CVSS3: 8.7
github
almost 3 years ago

Keycloak vulnerable to user impersonation via stolen UUID code

CVSS3: 7.1
fstec
almost 3 years ago

A vulnerability in the OpenID Connect Login service of the Keycloak identity and access management software that allows an attacker to create new session tokens and affect the confidentiality, integrity and availability of protected information
