Lucene search
HistorySep 10, 2024 - 5:15 p.m.
CVE-2023-6841
denial of service
keycloak
unlimited attributes
resource exhaustion
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.7%
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.
Affected configurations
Node
redhatkeycloakMatch-
ORredhatsingle_sign-onMatch7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | keycloak | - | cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* |
| redhat | single_sign-on | 7.0 | cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* |
Related
redhatcve
redhatcve
CVE-2023-6841
2024-09-10 16:13:12
osv
osv
CVE-2023-6841
2024-09-10 17:15:15
Keycloak Denial of Service vulnerability
2024-09-10 18:30:44
vulnrichment
vulnrichment
github
github
Keycloak Denial of Service vulnerability
2024-09-10 18:30:44
nessus
nessus
Keycloak < 24.0.0 DoS (CVE-2023-6841)
2024-09-18 00:00:00
cve
cve
CVE-2023-6841
2024-09-10 17:15:15
cvelist
cvelist
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.7%
Related for NVD:CVE-2023-6841