Lucene search
RedhatCVE-2023-0091HistoryJan 13, 2023 - 6:15 a.m.
CVE-2023-0091
2023-01-1306:15:11
CWE-863
redhat
web.nvd.nist.gov
65
cve-2023-0091
keycloak
client token
revocation
attacker
sensitive information
nvd
CVSS3
3.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
AI Score
3.7
Confidence
High
EPSS
0.001
Percentile
22.6%
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
Affected configurations
Node
redhatsingle_sign-onMatch7.0
redhatkeycloakMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | single_sign-on | 7.0 | cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* |
| redhat | keycloak | - | cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "redhat.com",
"product": "Keycloak",
"defaultStatus": "unaffected",
"versions": [
{
"version": "n/a",
"status": "unknown"
}
]
}
]Related
osv
osv
nvd
nvd
CVE-2023-0091
2023-01-13 06:15:11
github
github
veracode
veracode
Insecure Token Validation
2023-01-16 15:38:37
cvelist
cvelist
CVE-2023-0091
2023-01-11 20:44:07
redhatcve
redhatcve
CVE-2023-0091
2023-01-05 20:36:06
prion
prion
Design/Logic Flaw
2023-01-13 06:15:00
nessus
nessus
redhat
redhat
CVSS3
3.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
AI Score
3.7
Confidence
High
EPSS
0.001
Percentile
22.6%
Related for CVE-2023-0091