It was found that the Keycloak Node.js adapter did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
Find out more about CVE-2017-7474 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 8.1 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | None |
Platform | Errata | Release Date |
---|---|---|
Red Hat Single Sign-On 7.1 | RHSA-2017:1203 | 2017-05-08 |
Platform | Package | State |
---|---|---|
Red Hat Single Sign-On 7 | keycloak-connect | Affected |