PT-2023-32694 · Red Hat · Keycloak
Nick Tait
·
Published
2023-12-14
·
Updated
2023-12-27
·
CVE-2023-6563
| CVSS v3.1 | 7.7 (High) |
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Keycloak (affected versions not specified)
Description
An unconstrained memory consumption issue was discovered in Keycloak. It can be triggered in environments holding millions of offline tokens, specifically more than 500,000 users with at least 2 saved sessions each. If an attacker creates two or more user sessions and then opens the "Consents" tab for that user in the admin User Interface, the UI attempts to load the full set of offline client sessions with no limit on how many it will fetch. With that many sessions the load causes excessive memory and CPU consumption and could crash the entire system (availability impact only; confidentiality and integrity are not affected).
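As an added example (not part of the original advisory and not Keycloak's own code), the following Python script uses the Keycloak Admin REST API's per-client offline session count to check whether a deployment is anywhere near the regime described above. The base URL, realm and admin credentials are assumptions passed on the command line; the threshold of roughly one million offline sessions is derived from the advisory's own figures (more than 500,000 users with at least two sessions each). The endpoint paths are the documented Admin REST API paths for listing clients and for a client's offline session count.

```python
"""Estimate how many offline sessions a Keycloak realm holds, per client.

Added example, not Keycloak project code.  Assumptions (all hypothetical
inputs): base URL, realm name and admin credentials come from argv.
"""
import json
import sys
import urllib.parse
import urllib.request

# Figures from the advisory: > 500,000 users, each with >= 2 saved sessions.
USERS_THRESHOLD = 500_000
SESSIONS_PER_USER = 2
OFFLINE_SESSION_THRESHOLD = USERS_THRESHOLD * SESSIONS_PER_USER  # ~1,000,000


def summarize_offline_sessions(counts):
    """Pure logic, separated from I/O so it can be exercised offline.

    counts: {clientId: offline session count}.
    Returns (total, ranked, at_risk) where ranked is a list of
    (clientId, count) pairs sorted by count descending and at_risk is
    True when the total reaches the advisory's order of magnitude.
    """
    total = sum(int(n) for n in counts.values())
    ranked = sorted(counts.items(), key=lambda kv: kv[1], reverse=True)
    return total, ranked, total >= OFFLINE_SESSION_THRESHOLD


def admin_token(base_url, username, password):
    """Password grant against the master realm with the admin-cli client."""
    data = urllib.parse.urlencode({
        "client_id": "admin-cli",
        "grant_type": "password",
        "username": username,
        "password": password,
    }).encode()
    req = urllib.request.Request(
        f"{base_url}/realms/master/protocol/openid-connect/token", data=data)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def get_json(base_url, token, path):
    req = urllib.request.Request(
        f"{base_url}/admin/realms/{path}",
        headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def offline_session_counts(base_url, token, realm):
    """One GET per client: .../clients/{id}/offline-session-count -> {"count": N}."""
    counts = {}
    for client in get_json(base_url, token, f"{realm}/clients"):
        body = get_json(
            base_url, token,
            f"{realm}/clients/{client['id']}/offline-session-count")
        counts[client["clientId"]] = int(body.get("count", 0))
    return counts


if __name__ == "__main__":
    if len(sys.argv) != 5:
        sys.exit("usage: offline_sessions.py BASE_URL REALM ADMIN_USER ADMIN_PASS")
    base, realm, user, password = sys.argv[1:]
    tok = admin_token(base, user, password)
    total, ranked, at_risk = summarize_offline_sessions(
        offline_session_counts(base, tok, realm))
    for client_id, n in ranked:
        print(f"{n:>12}  {client_id}")
    print(f"{total:>12}  total offline sessions in realm {realm}")
    if at_risk:
        print("WARNING: offline session volume is in the range the advisory "
              "describes; opening a user's Consents tab may exhaust memory.")
```

The count is cheap to collect, so it can be scheduled and graphed. Until a fixed version is identified, the practical levers are keeping the offline session volume well below this range (shorter offline session lifetimes, pruning stale sessions) and restricting who can reach the Admin Console at all.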
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Weakness Enumeration
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Keycloak