PT-2026-60741 · Red Hat · Red Hat Build Of Keycloak+3
CVE-2026-15943
·
Publicado
2026-07-17
·
Atualizado
2026-07-17
CVSS v3.1
5.5
Média
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Red Hat Build Of Keycloak
Red Hat Data Grid 8
Red Hat Jboss Enterprise Application Platform Expansion Pack
Red Hat Single Sign-On 7