Today > 5 Critical | 8 High | 34 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2023-0657

Nov. 18, 2024, 5:11 p.m.

Tags

secalert@redhat.com
CWE-273
2024-11-17
CVE-2023-0657

CVSS Score

3.4 / 10

Product(s) Impacted

Keycloak

Description

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

Weaknesses

CWE-273
Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

CWE ID: 273

Date

Published: Nov. 17, 2024, 11:15 a.m.

Last Modified: Nov. 18, 2024, 5:11 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score
3.4
Exploitability Score
0.9
Impact Score
2.5
Base Severity
LOW
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

References

https://access.redhat.com/ secalert@redhat.com
https://access.redhat.com/ secalert@redhat.com
https://access.redhat.com/ secalert@redhat.com
https://bugzilla.redhat.com/ secalert@redhat.com