2 matches found
keycloak: open redirect via "form_post.jwt" JARM response mode
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "formpost.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134...
com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +84 more potentially affected by CVE-2023-6134 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=23.0.2)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.1.23, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.1.4, =1.1.5 and more Source cves: CVE-2023-6134 Source advisory: OSV:GHSA-CVG2-7C3J-G36J...