Products
Keycloak
Source
secalert@redhat.com
Tags
CVE-2023-6544 details
Published : April 25, 2024, 4:15 p.m.
Last Modified : April 25, 2024, 5:24 p.m.
Last Modified : April 25, 2024, 5:24 p.m.
Description
A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.
CVSS Score
1 | 2 | 3 | 4 | 5.4 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
5.4
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References
URL | Source |
---|---|
https://access.redhat.com/errata/RHSA-2024:1860 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:1861 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:1862 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:1864 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:1866 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:1867 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:1868 | secalert@redhat.com |
https://access.redhat.com/security/cve/CVE-2023-6544 | secalert@redhat.com |
https://bugzilla.redhat.com/show_bug.cgi?id=2253116 | secalert@redhat.com |
This website uses the NVD API, but is not approved or certified by it.