PT-2023-5099 · Red Hat · Keycloak

🗓️ 26 May 2023 00:00:00Reported by Positive TechnologiesType

Keycloak certificate authentication risk: untrusted certs with revalidation enabled; disable revalidation and fix truststore.

Reporter	Title	Published	Views	Family All 35
IBM Security Bulletins	Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities	26 Mar 202503:54	–	ibm
ATTACKERKB	CVE-2023-1664	26 May 202318:15	–	attackerkb
Circl	CVE-2023-1664	15 Jan 202521:54	–	circl
CNNVD	Red Hat Keycloak 信任管理问题漏洞	27 Mar 202300:00	–	cnnvd
CVE	CVE-2023-1664	26 May 202300:00	–	cve
Cvelist	CVE-2023-1664	26 May 202300:00	–	cvelist
EUVD	EUVD-2023-1697	3 Oct 202520:07	–	euvd
Github Security Blog	Keycloak Untrusted Certificate Validation vulnerability	30 Jun 202320:30	–	github
Github Security Blog	Duplicate Advisory: Keycloak vulnerable to untrusted certificate validation	26 May 202318:30	–	github
NVD	CVE-2023-1664	26 May 202318:15	–	nvd

Source	Link
osv	www.osv.dev/vulnerability/GHSA-c892-cwq6-qrqf
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-1664
osv	www.osv.dev/vulnerability/GHSA-5cc8-pgp5-7mpm
osv	www.osv.dev/vulnerability/CVE-2023-1664
bdu	www.bdu.fstec.ru/vul/2023-05659
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/keycloak/keycloak
github	www.github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
access	www.access.redhat.com/security/cve/CVE-2023-1664
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

15 Jan 2025 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.16.5

EPSS0.00254

SSVC