Description
A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.
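To make the failure mode concrete, the following added example (constructed for this page, not Keycloak's own code) models a token cache that only evicts on expiry, next to a bounded variant with an entry cap and a server-side residency cap; the simulated load, class names and parameters are all assumptions.

```python
from collections import OrderedDict

class UnboundedTokenCache:
    """Models the flawed behaviour: a validated token stays cached until its exp."""
    def __init__(self):
        self._exp = {}  # token_id -> exp claim of the token

    def put(self, token_id, exp, now):
        self._exp[token_id] = exp

    def sweep(self, now):
        # Expiry is the only eviction, so a 48h exp means 48h of residency.
        self._exp = {t: e for t, e in self._exp.items() if e > now}

    def __len__(self):
        return len(self._exp)

class BoundedTokenCache:
    """Mitigation pattern: hard entry cap (LRU eviction) plus a server-chosen
    residency cap that does not depend on the client-chosen exp claim."""
    def __init__(self, max_entries, max_residency):
        self.max_entries = max_entries
        self.max_residency = max_residency
        self._until = OrderedDict()  # token_id -> time the entry is dropped

    def put(self, token_id, exp, now):
        until = min(exp, now + self.max_residency)  # shorter of the two
        if until <= now:
            return
        self._until[token_id] = until
        self._until.move_to_end(token_id)
        while len(self._until) > self.max_entries:
            self._until.popitem(last=False)  # evict least recently used

    def sweep(self, now):
        for t in [t for t, u in self._until.items() if u <= now]:
            del self._until[t]

    def __len__(self):
        return len(self._until)

def simulate(cache, tokens_per_second, seconds, token_lifetime):
    """Constructed load: a client keeps presenting fresh tokens, each with a
    long exp claim. Returns the number of cached entries after the run."""
    for now in range(seconds):
        cache.sweep(now)
        for i in range(tokens_per_second):
            cache.put(f"tok-{now}-{i}", now + token_lifetime, now)
    return len(cache)
```

With 48-hour tokens the unbounded cache holds every token presented during the run, while the bounded cache never exceeds its entry cap regardless of the exp claims.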
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Single Sign-On 7 | keycloak-services | Fix deferred | | |
| Red Hat Build of Keycloak | keycloak-services | Fixed | RHSA-2025:4336 | 29.04.2025 |
| Red Hat build of Keycloak 26.0 | rhbk/keycloak-operator-bundle | Fixed | RHSA-2025:4335 | 29.04.2025 |
| Red Hat build of Keycloak 26.0 | rhbk/keycloak-rhel9 | Fixed | RHSA-2025:4335 | 29.04.2025 |
| Red Hat build of Keycloak 26.0 | rhbk/keycloak-rhel9-operator | Fixed | RHSA-2025:4335 | 29.04.2025 |
Additional information
Status:
CVSS3 score: 4.9 (Medium)
Related vulnerabilities
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache (CVSS3 score: 4.9, Medium)