CVE-2023-6841

Name of the Vulnerable Software and Affected Versions Keycloak versions prior to 24

Description A denial of service issue was found in Keycloak where the amount of attributes per object is not limited. An attacker could cause resource exhaustion by sending repeated HTTP requests, leading to the application sending back rows with long attribute values.

Recommendations For versions prior to 24, update to Keycloak 24 or later, which introduces the User Profile feature that fixes this issue. As a temporary workaround, consider restricting the amount of attributes per object to prevent resource exhaustion.