CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Percentile: 17.7%
A denial of service vulnerability was found in Keycloak, where the number of attributes per object is not limited. By sending repeated HTTP requests, an attacker could cause resource exhaustion when the application sends back rows with long attribute values.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | keycloak | - | cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* |
redhat | single_sign-on | 7.0 | cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* |
[
{
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Mobile Application Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:mobile_application_platform:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Application Runtimes",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Process Automation 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat support for Spring Boot",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
]
}
]