CVE-2017-12160

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw was discovered in Keycloak oauth that allows an authenticated resource to obtain an access/refresh token pair from the authentication server. This permits indefinite usage even in the case of permission revocation. An attacker on a compromised resource could exploit this to grant continued permissions and possibly conduct further attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.