A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Vulnerable Product |
---|
redhat keycloak |
redhat single_sign-on |
redhat openshift_container_platform 4.9 |
redhat openshift_container_platform 4.10 |
redhat openshift_container_platform_for_ibm_linuxone 4.9 |
redhat openshift_container_platform_for_ibm_linuxone 4.10 |
redhat openshift_container_platform_ibm_z_systems 4.9 |
redhat openshift_container_platform_ibm_z_systems 4.10 |
redhat single sign-on - |