CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
[
{
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
],
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22",
"versions": [
{
"status": "unaffected",
"version": "22.0.10-1",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rhbk/keycloak-operator-bundle",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
],
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22",
"versions": [
{
"status": "unaffected",
"version": "22-13",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rhbk/keycloak-rhel9",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
],
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22",
"versions": [
{
"status": "unaffected",
"version": "22-16",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rhbk/keycloak-rhel9-operator",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:22"
],
"vendor": "Red Hat",
"product": "Red Hat build of Keycloak 22.0.10",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7",
"packageName": "keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 7",
"versions": [
{
"status": "unaffected",
"version": "0:18.0.12-1.redhat_00001.1.el7sso",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso7-keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 7",
"versions": [
{
"status": "unaffected",
"version": "0:18.0.13-1.redhat_00001.1.el7sso",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso7-keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 8",
"versions": [
{
"status": "unaffected",
"version": "0:18.0.12-1.redhat_00001.1.el8sso",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso7-keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 8",
"versions": [
{
"status": "unaffected",
"version": "0:18.0.13-1.redhat_00001.1.el8sso",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso7-keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 9",
"versions": [
{
"status": "unaffected",
"version": "0:18.0.12-1.redhat_00001.1.el9sso",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso7-keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
],
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7.6 for RHEL 9",
"versions": [
{
"status": "unaffected",
"version": "0:18.0.13-1.redhat_00001.1.el9sso",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso7-keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"vendor": "Red Hat",
"product": "RHEL-8 based Middleware Containers",
"versions": [
{
"status": "unaffected",
"version": "7.6-41",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso-7/sso76-openshift-rhel8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"vendor": "Red Hat",
"product": "RHEL-8 based Middleware Containers",
"versions": [
{
"status": "unaffected",
"version": "7.6-46",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso-7/sso76-openshift-rhel8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"vendor": "Red Hat",
"product": "RHEL-8 based Middleware Containers",
"versions": [
{
"status": "unaffected",
"version": "7.6-16",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso-7/sso7-rhel8-init-container",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"vendor": "Red Hat",
"product": "RHEL-8 based Middleware Containers",
"versions": [
{
"status": "unaffected",
"version": "7.6-18",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso-7/sso7-rhel8-operator",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"vendor": "Red Hat",
"product": "RHEL-8 based Middleware Containers",
"versions": [
{
"status": "unaffected",
"version": "7.6.8-2",
"lessThan": "*",
"versionType": "rpm"
}
],
"packageName": "rh-sso-7/sso7-rhel8-operator-bundle",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6"
],
"vendor": "Red Hat",
"product": "RHSSO 7.6.8",
"packageName": "keycloak-rhel9-operator-bundle-container",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected"
}
]
access.redhat.com/errata/RHSA-2024:0798
access.redhat.com/errata/RHSA-2024:0799
access.redhat.com/errata/RHSA-2024:0800
access.redhat.com/errata/RHSA-2024:0801
access.redhat.com/errata/RHSA-2024:0804
access.redhat.com/errata/RHSA-2024:1860
access.redhat.com/errata/RHSA-2024:1861
access.redhat.com/errata/RHSA-2024:1862
access.redhat.com/errata/RHSA-2024:1864
access.redhat.com/errata/RHSA-2024:1865
access.redhat.com/errata/RHSA-2024:1866
access.redhat.com/errata/RHSA-2024:1867
access.redhat.com/errata/RHSA-2024:1868
access.redhat.com/security/cve/CVE-2023-6484
bugzilla.redhat.com/show_bug.cgi?id=2248423
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial