PT-2023-2764 · Red Hat · Keycloak

Jordi Zayuelas I Muñoz · Published 2023-03-02 · Updated 2023-08-14 · CVE-2023-0264

CVSS v2.0: 6.5 (Medium)
Vector: AV:A/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)

Description: A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Insufficient Verification of Data Authenticity

Improper Authentication

Related Identifiers

BDU:2023-02654
CVE-2023-0264
GHSA-9G98-5MJ6-F9MV
RHSA-2023:1043
RHSA-2023:1044
RHSA-2023:1045

Affected Products

Keycloak