Lucene search
Redhat.comRH:CVE-2023-0091HistoryJan 05, 2023 - 8:36 p.m.
CVE-2023-0091
2023-01-0520:36:06
redhat.com
access.redhat.com
14
keycloak
client credential flow
revocation
sensitive information
security vulnerability
CVSS3
3.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
22.6%
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
Related
cve
cve
CVE-2023-0091
2023-01-13 06:15:11
github
github
veracode
veracode
Insecure Token Validation
2023-01-16 15:38:37
osv
osv
nvd
nvd
CVE-2023-0091
2023-01-13 06:15:11
cvelist
cvelist
CVE-2023-0091
2023-01-11 20:44:07
prion
prion
Design/Logic Flaw
2023-01-13 06:15:00
nessus
nessus
redhat
redhat
CVSS3
3.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
22.6%
Related for RH:CVE-2023-0091