PT-2026-60741 · Red Hat · Red Hat Build Of Keycloak+3

CVE-2026-15943

·

Publicado

2026-07-17

·

Atualizado

2026-07-17

CVSS v3.1

5.5

Média

VetorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-15943

Produtos afetados

Red Hat Build Of Keycloak
Red Hat Data Grid 8
Red Hat Jboss Enterprise Application Platform Expansion Pack
Red Hat Single Sign-On 7