Lucene search
K

6 matches found

Cvelist
Cvelist
added 2023/10/04 10:59 a.m.48 views

CVE-2023-2422 Keycloak: oauth client impersonation

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...

5.5CVSS7.2AI score0.00522EPSS
Exploits0References7
CVE
CVE
added 2023/10/04 10:59 a.m.186 views

CVE-2023-2422

CVE-2023-2422 describes an authentication flaw in Keycloak-based deployments where mTLS client certificate chain verification is insufficient. The vulnerability allows a client with a valid certificate to impersonate another client and access data belonging to that client. The issue is documented...

7.1CVSS6.5AI score0.00522EPSS
Exploits0References7Affected Software3
vulnersOsv
vulnersOsv
added 2023/06/30 8:31 p.m.5 views

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +65 more potentially affected by CVE-2023-2422 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=21.1.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.3.2, =0.1.0, =1.0.0 and more Source cves: CVE-2023-2422 Source advisory: OSV:GHSA-3QH5-QQJ2-C78F...

7.1CVSS6.4AI score0.00522EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/06/27 6:53 p.m.102 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 security update

A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS7.4AI score0.98124EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2023/06/27 6:49 p.m.24 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 for OpenShift image security enhancement update

A new image is available for Red Hat Single Sign-On 7.6.4, running on OpenShift Container Platform 3.10 and 3.11, and 4.12.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

10CVSS6.6AI score0.01771EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/06/27 12:0 a.m.35 views

RHEL 9 : Red Hat Single Sign-On 7.6.4 security update on RHEL 9 (Important) (RHSA-2023:3885)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3885 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

10CVSS6.5AI score0.01771EPSS
Exploits0References13
Rows per page
Query Builder