CVE-2023-2422

Published: 04/10/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients.

Vulnerable Product

redhat keycloak -

redhat openshift_container_platform 4.9

redhat openshift_container_platform 4.10

redhat openshift_container_platform 4.11

redhat openshift_container_platform 4.12

redhat single_sign-on 7.6

Vendor Advisories

Synopsis: Important: Red Hat Single Sign-On 7.6.4 for OpenShift image security enhancement update. Type/Severity: Security Advisory: Important. Topic: A new image is available for Red Hat Single Sign-On 7.6.4, running on OpenShift Container Platform 3.10 and 3.11, and 4.12.0. Red Hat Product Security has rated this update as having a security impac ...
Synopsis: Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 9. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.6.4 packages are now available for Red Hat Enterprise Linux 9. Red Hat ...
Synopsis: Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 8. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.6.4 packages are now available for Red Hat Enterprise Linux 8. Red Hat ...
Synopsis: Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 7. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.6.4 packages are now available for Red Hat Enterprise Linux 7. Red Hat ...
Synopsis: Important: Red Hat Single Sign-On 7.6.4 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base ...
Description: This CVE is under investigation by Red Hat Product Security ...