AI Score: 6.8 (Medium), Confidence: High
EPSS: 0 (Low), Percentile: 0.0%
Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
github.com/keycloak/keycloak
github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh