CVE-2017-12160

Published: 26/10/2017 Updated: 19/08/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

It was found that Keycloak OAuth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.

Vulnerable Product

redhat keycloak -

Vendor Advisories

Synopsis: Moderate: Red Hat Single Sign-On security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Single Sign-On 713 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...
Synopsis: Moderate: rh-sso7-keycloak security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-sso7-keycloak is now available for Red Hat Single Sign-On 71 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...
Synopsis: Moderate: rh-sso7-keycloak security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-sso7-keycloak is now available for Red Hat Single Sign-On 71 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...