CVE-2023-2422

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw was found in Keycloak where a server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. This allows a client with a proper certificate to authorize itself as any other client, accessing data belonging to other clients. The issue is related to errors in the certificate verification procedure, which can be exploited by a remote attacker to impact the confidentiality and integrity of protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.