CVE-2023-2422

🗓️ 04 Oct 2023 10:59:30Reported by redhatType

Flaw in Keycloak server mTLS authenticatio

Reporter	Title	Published	Views	Family All 30
ATTACKERKB	CVE-2023-2422	4 Oct 202311:15	–	attackerkb
Circl	CVE-2023-2422	23 Aug 202303:33	–	circl
CNNVD	Red Hat Keycloak 信任管理问题漏洞	26 Jun 202300:00	–	cnnvd
Cvelist	CVE-2023-2422 Keycloak: oauth client impersonation	4 Oct 202310:59	–	cvelist
EUVD	EUVD-2023-1672	3 Oct 202520:07	–	euvd
Github Security Blog	Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients	30 Jun 202320:31	–	github
NVD	CVE-2023-2422	4 Oct 202311:15	–	nvd
OSV	CVE-2023-2422	4 Oct 202311:15	–	osv
OSV	GHSA-3QH5-QQJ2-C78F Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients	30 Jun 202320:31	–	osv
OSV	RHSA-2023:3883 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 security update on RHEL 7	27 Sep 202415:16	–	osv

NVD

Node

redhat keycloakMatch-

redhat openshift_container_platformMatch4.9

redhat openshift_container_platformMatch4.10

redhat openshift_container_platformMatch4.11

redhat openshift_container_platformMatch4.12

redhat single_sign-onMatch7.6

AND

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "keycloak-oauth",
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6.4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rh-sso7-keycloak",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:18.0.8-1.redhat_00001.1.el7sso",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rh-sso7-keycloak",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:18.0.8-1.redhat_00001.1.el8sso",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rh-sso7-keycloak",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:18.0.8-1.redhat_00001.1.el9sso",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHEL-8 based Middleware Containers",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "rh-sso-7/sso76-openshift-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "7.6-24",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhosemc:1.0::el8"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2023:3892
access	www.access.redhat.com/security/cve/CVE-2023-2422
access	www.access.redhat.com/errata/RHSA-2023:3883
access	www.access.redhat.com/errata/RHSA-2023:3884
access	www.access.redhat.com/errata/RHSA-2023:3885
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2023:3888

21 Nov 2024 07:58Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15.5 - 7.1

EPSS0.00323

SSVC

CWE-295