keycloak-services is vulnerable to insecure token validation. The verifyToken function in ClientRegistrationTokenUtils.java does not properly validate client tokens for possible revocation in its client credentials flow, allowing an attacker to access or modify potentially sensitive information through the client-registration endpoints.
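
The missing check, as an added Python model that is not Keycloak's code: a verifier that stops at signature and expiry, next to one that also consults revocation state. The HS256 key, the claim values, all function names, and the modelling of revocation as a per-client not-before cut-off plus a set of revoked token ids are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed for this example only

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue(claims: dict) -> str:
    """Build a compact HS256 JWT (constructed sample tokens only)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body))}"

def verify_basic(token: str, now: int) -> dict:
    """Signature and expiry only: the incomplete pattern the advisory describes."""
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(head + "." + body), _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        raise ValueError("expired")
    return claims

def verify_with_revocation(token: str, now: int, not_before: dict, revoked_jti: set) -> dict:
    """Hardened: also consult revocation state before trusting the token."""
    claims = verify_basic(token, now)
    # Hypothetical model: tokens issued before a client's cut-off are revoked.
    if claims["iat"] < not_before.get(claims["azp"], 0):
        raise ValueError("revoked: issued before client not-before cut-off")
    if claims["jti"] in revoked_jti:
        raise ValueError("revoked: token id")
    return claims

def accepted(verifier, *args) -> bool:
    """True if the verifier returns claims, False if it rejects the token."""
    try:
        verifier(*args)
        return True
    except ValueError:
        return False
```

A token that is still inside its validity window passes verify_basic even after the client's tokens have been revoked; only the second verifier rejects it.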