History: Dec 14, 2023 - 9:42 p.m.

CVE-2023-6134

2023-12-14 21:42:12
MITRE
web.nvd.nist.gov
Tags: cve-2023-6134, keycloak, xss, redirects, security vulnerability

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 44.7%)

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
