Lucene search
RedhatCVELIST:CVE-2023-0264HistoryAug 04, 2023 - 5:09 p.m.
CVE-2023-0264
2023-08-0417:09:27
redhat
www.cve.org
1
keycloak
openid connect
user authentication
confidentiality
integrity
availability
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
CNA Affected
[
{
"vendor": "redhat.com",
"product": "Keycloak",
"versions": [
{
"version": "18.0.6",
"status": "affected",
"lessThan": "18.0.6",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
redhatcve
redhatcve
CVE-2023-0264
2023-02-28 19:29:32
prion
prion
Authentication flaw
2023-08-04 18:15:00
githubexploit
githubexploit
Exploit for Improper Authentication in Redhat Keycloak
2023-03-06 14:42:19
veracode
veracode
User Impersonation
2023-03-04 15:40:16
osv
osv
Keycloak vulnerable to user impersonation via stolen UUID code
2023-03-02 23:25:43
nvd
nvd
CVE-2023-0264
2023-08-04 18:15:11
cve
cve
CVE-2023-0264
2023-08-04 18:15:11
github
github
Keycloak vulnerable to user impersonation via stolen UUID code
2023-03-02 23:25:43
nessus
nessus
redhat
redhat