redhatcve | Redhat.com | RH:CVE-2023-0657
History: Apr 17, 2024 - 1:00 p.m.

CVE-2023-0657

2024-04-17 13:00:29
redhat.com
access.redhat.com
keycloak
flaw
token type
enforcement
signature validation
authenticated attacker
logout token
access token
data access

AI Score: 7.2 High (Confidence: Low)

EPSS: 0 Low (Percentile: 0.0%)

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
