Description
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
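As an added illustration (not Keycloak's own code), the check below contrasts a token-exchange endpoint that validates only a subject token's signature locally with one that also enforces the token type declared in the JWT header, so a correctly signed logout token can no longer be exchanged for an access token. The HS256 shared secret, the sample claims and the `typ` values `Bearer` and `Logout` are constructed for the demo; Keycloak itself signs tokens with the realm's asymmetric key.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed demo secret; a real realm verifies an asymmetric (e.g. RS256) signature instead.
SECRET = b"demo-shared-secret"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_token(header: dict, claims: dict) -> str:
    """Mint an HS256 JWT; the header's `typ` carries the token type (Bearer, Logout, ...)."""
    signing_input = f"{b64url(json.dumps(header).encode())}.{b64url(json.dumps(claims).encode())}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_signature(token: str) -> Optional[Tuple[dict, dict]]:
    """Return (header, claims) when the signature is valid, otherwise None."""
    try:
        h, c, s = token.split(".")
        expected = hmac.new(SECRET, f"{h}.{c}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None
        return json.loads(b64url_decode(h)), json.loads(b64url_decode(c))
    except ValueError:  # malformed base64 or JSON
        return None

def exchange_vulnerable(subject_token: str) -> Optional[dict]:
    """Flawed local validation: any correctly signed realm token is accepted as an access token."""
    result = verify_signature(subject_token)
    return result[1] if result else None

def exchange_fixed(subject_token: str, expected_typ: str = "Bearer") -> Optional[dict]:
    """Hardened: signature AND declared token type must match what the endpoint expects."""
    result = verify_signature(subject_token)
    if result is None:
        return None
    header, claims = result
    if header.get("typ") != expected_typ:
        return None
    return claims

# Constructed sample tokens: a genuine access token and a logout token for the same user.
ACCESS_TOKEN = sign_token({"alg": "HS256", "typ": "Bearer"}, {"sub": "alice", "scope": "openid"})
LOGOUT_TOKEN = sign_token({"alg": "HS256", "typ": "Logout"}, {"sub": "alice", "sid": "sess-1"})
```

Run it and the vulnerable variant returns claims for `LOGOUT_TOKEN`, while the fixed variant rejects it and accepts only `ACCESS_TOKEN`.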
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Fix deferred | | |
| Red Hat build of Keycloak 22 | rhbk/keycloak-operator-bundle | Fixed | RHSA-2024:1867 | 16.04.2024 |
| Red Hat build of Keycloak 22 | rhbk/keycloak-rhel9 | Fixed | RHSA-2024:1867 | 16.04.2024 |
| Red Hat build of Keycloak 22 | rhbk/keycloak-rhel9-operator | Fixed | RHSA-2024:1867 | 16.04.2024 |
| Red Hat build of Keycloak 22.0.10 | keycloak | Fixed | RHSA-2024:1868 | 16.04.2024 |
Additional information
Status: Low
Weakness: CWE-273
https://bugzilla.redhat.com/show_bug.cgi?id=2166728
keycloak: impersonation via logout token exchange
EPSS: 0.0004 (percentile: 12%), Low
CVSS3: 3.4 Low
Related vulnerabilities
nvd (about 1 year ago), CVSS3: 3.4
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
debian (about 1 year ago), CVSS3: 3.4
A flaw was found in Keycloak. This issue occurs due to improperly enfo ...
github (almost 2 years ago), CVSS3: 3.4
Keycloak vulnerable to impersonation via logout token exchange