6 matches found
CVE-2023-2422 Keycloak: oauth client impersonation
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...
CVE-2023-2422
CVE-2023-2422 describes an authentication flaw in Keycloak-based deployments where mTLS client certificate chain verification is insufficient. The vulnerability allows a client with a valid certificate to impersonate another client and access data belonging to that client. The issue is documented...
com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +65 more potentially affected by CVE-2023-2422 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=21.1.1)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.3.2, =0.1.0, =1.0.0 and more Source cves: CVE-2023-2422 Source advisory: OSV:GHSA-3QH5-QQJ2-C78F...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 security update
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 for OpenShift image security enhancement update
A new image is available for Red Hat Single Sign-On 7.6.4, running on OpenShift Container Platform 3.10 and 3.11, and 4.12.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
RHEL 9 : Red Hat Single Sign-On 7.6.4 security update on RHEL 9 (Important) (RHSA-2023:3885)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3885 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...