Lucene search
RedhatCVE-2023-6841HistorySep 10, 2024 - 5:15 p.m.
CVE-2023-6841
2024-09-1017:15:15
CWE-231
redhat
web.nvd.nist.gov
44
denial of service
keycloak
unlimited attributes
resource exhaustion
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.7%
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.
Affected configurations
Node
redhatkeycloakMatch-
ORredhatsingle_sign-onMatch7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | keycloak | - | cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* |
| redhat | single_sign-on | 7.0 | cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Mobile Application Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:mobile_application_platform:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Application Runtimes",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Process Automation 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat support for Spring Boot",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
]
}
]Related
nvd
nvd
CVE-2023-6841
2024-09-10 17:15:15
redhatcve
redhatcve
CVE-2023-6841
2024-09-10 16:13:12
osv
osv
CVE-2023-6841
2024-09-10 17:15:15
Keycloak Denial of Service vulnerability
2024-09-10 18:30:44
vulnrichment
vulnrichment
github
github
Keycloak Denial of Service vulnerability
2024-09-10 18:30:44
nessus
nessus
Keycloak < 24.0.0 DoS (CVE-2023-6841)
2024-09-18 00:00:00
cvelist
cvelist
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.7%
Related for CVE-2023-6841