Published: 26/05/2023 Updated: 03/06/2023

CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9

VMScore: 0

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat keycloak -
redhat single sign-on 7.0
redhat build of quarkus -
redhat jboss a-mq 7
redhat migration toolkit for runtimes -

Synopsis Important: Red Hat Single Sign-On 764 for OpenShift image security enhancement update Type/Severity Security Advisory: Important Topic A new image is available for Red Hat Single Sign-On 764, running on OpenShift Container Platform 310 and 311, and 4120Red Hat Product Security has rated this update as having a security impac ...

Synopsis Important: Red Hat Single Sign-On 764 security update on RHEL 9 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 764 packages are now available for Red Hat Enterprise Linux 9Red Hat ...

Synopsis Important: Red Hat Single Sign-On 764 security update on RHEL 8 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 764 packages are now available for Red Hat Enterprise Linux 8Red Hat ...

Synopsis Important: Red Hat Single Sign-On 764 security update on RHEL 7 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 764 packages are now available for Red Hat Enterprise Linux 7Red Hat ...

Synopsis Moderate: Red Hat AMQ Broker 7112 release and security update Type/Severity Security Advisory: Moderate Topic Red Hat AMQ Broker 7112 is now available from the Red Hat Customer PortalRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Important: Red Hat Single Sign-On 764 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 76 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...

DescriptionA flaw was found in Keycloak This issue may allow unintended access of an untrusted certificate when using &quot;Revalidate Client Certificate&quot; and when KC_SPI_TRUSTSTORE_FILE_FILE is misconfiguredA flaw was found in Keycloak This issue may allow unintended access of an untrusted certificate when using "Revalidate ...

CWE-295 https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:3888 https://access.redhat.com/security/cve/cve-2023-1664

Get Started

CVE-2023-1664

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect