Red Hat · Keycloak · CVE-2023-0264
**Name of the Vulnerable Software and Affected Versions**
Keycloak (affected versions not specified)
**Description**
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.