Lucene search

GitHub Advisory DatabaseGHSA-9G98-5MJ6-F9MV

HistoryMar 02, 2023 - 11:25 p.m.

Keycloak vulnerable to user impersonation via stolen UUID code

2023-03-0223:25:43

CWE-287

CWE-345

GitHub Advisory Database

github.com

123

keycloak

openid connect

user authentication

vulnerability

session tokens

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

28.6%

JSON

Keycloak’s OpenID Connect user authentication was found to incorrectly authenticate requests. An authenticated attacker who could also obtain a certain piece of info from a user request, from a victim within the same realm, could use that data to impersonate the victim and generate new session tokens.

Affected configurations

Vulners

Node

org.keycloak\keycloakMatchservices

CPENameOperatorVersion
org.keycloak:keycloak-serviceslt21.0.1

CPE	Name	Operator	Version
	org.keycloak:keycloak-services	lt	21.0.1

References

access.redhat.com/security/cve/CVE-2023-0264

github.com/advisories/GHSA-9g98-5mj6-f9mv

github.com/keycloak/keycloak/commit/ec8109112e67208c13e13f6d1f8706a5a3ba8d4c

github.com/keycloak/keycloak/security/advisories/GHSA-9g98-5mj6-f9mv

nvd.nist.gov/vuln/detail/CVE-2023-0264