Lucene search
RedhatCVELIST:CVE-2023-6841HistorySep 10, 2024 - 4:15 p.m.
CVE-2023-6841 Keycloak: amount of attributes per object is not limited and it may lead to dos
2024-09-1016:15:32
CWE-231
redhat
www.cve.org
4
cve-2023-6841
keycloak
amount of attributes
denial of service
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.7%
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Mobile Application Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:mobile_application_platform:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Application Runtimes",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Process Automation 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat support for Spring Boot",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "keycloak",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
]
}
]Related
osv
osv
CVE-2023-6841
2024-09-10 17:15:15
Keycloak Denial of Service vulnerability
2024-09-10 18:30:44
nvd
nvd
CVE-2023-6841
2024-09-10 17:15:15
redhatcve
redhatcve
CVE-2023-6841
2024-09-10 16:13:12
vulnrichment
vulnrichment
github
github
Keycloak Denial of Service vulnerability
2024-09-10 18:30:44
cve
cve
CVE-2023-6841
2024-09-10 17:15:15
nessus
nessus
Keycloak < 24.0.0 DoS (CVE-2023-6841)
2024-09-18 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.7%
Related for CVELIST:CVE-2023-6841