A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
[
{
"vendor": "redhat.com",
"product": "Keycloak",
"versions": [
{
"version": "18.0.6",
"status": "affected",
"lessThan": "18.0.6",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]