exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2023-6563

около 2 лет назад

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.

CVSS3: 7.7

EPSS: Низкий

CVE-2023-6563

около 2 лет назад

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.

CVSS3: 7.7

EPSS: Низкий

CVE-2023-6563

около 2 лет назад

An unconstrained memory consumption vulnerability was discovered in Ke ...

CVSS3: 7.7

EPSS: Низкий

GHSA-54f3-c6hg-865h

около 2 лет назад

Allocation of Resources Without Limits in Keycloak

CVSS3: 7.7

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2023-6563 An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.	CVSS3: 7.7	0% Низкий	около 2 лет назад
CVE-2023-6563 An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.	CVSS3: 7.7	0% Низкий	около 2 лет назад
CVE-2023-6563 An unconstrained memory consumption vulnerability was discovered in Ke ...	CVSS3: 7.7	0% Низкий	около 2 лет назад
GHSA-54f3-c6hg-865h Allocation of Resources Without Limits in Keycloak	CVSS3: 7.7	0% Низкий	около 2 лет назад

Уязвимостей на страницу