6 matches found
MAL-2024-11953 Malicious code in client-consent (npm)
Source: ghsa-malware 36ebc6cac6d302018d141c45adee10302556bd3da3491d12734412f967aea772 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in client-consent (npm)
Source: ghsa-malware 36ebc6cac6d302018d141c45adee10302556bd3da3491d12734412f967aea772 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-2585
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...
CVE-2023-2585
CVE-2023-2585 concerns Keycloak’s Device Authorization Grant, where flawed validation of device_code and client_id could allow a malicious OAuth client to spoof a consent request and trick an admin into granting access to other OAuth clients or cause unauthorized access. Connected sources corrobo...
CVE-2023-2585 Keycloak: client access via device auth request spoof
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...
CVE-2023-2585
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...