CVE-2023-0264

Published: 2023-08-04 18:15:11
CWE-287
Source: web.nvd.nist.gov

Tags: cve-2023-0264, keycloak, openid connect, user authentication, flaw, information security, vulnerability

CVSS3: 5 Medium
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: LOW
  Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score: 4.5 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 28.3%)

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

Affected configurations

Vulners
  Node: redhat keycloak, Range 18.0.6

NVD
  Vendor    Product    Version    CPE
  redhat    keycloak   *          cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "redhat.com",
    "product": "Keycloak",
    "versions": [
      {
        "version": "18.0.6",
        "status": "affected",
        "lessThan": "18.0.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
