Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2023-2585

Published: 21/12/2023 Updated: 02/01/2024
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.

Vulnerable Product Search on Vulmon Subscribe to Product

redhat single sign-on 7.6

redhat openshift container platform 4.11

redhat openshift container platform 4.12

redhat openshift container platform for ibm z 4.9

redhat openshift container platform for ibm z 4.10

redhat openshift container platform for linuxone 4.9

redhat openshift container platform for linuxone 4.10

redhat openshift container platform for power 4.9

redhat openshift container platform for power 4.10

redhat single sign-on -

Vendor Advisories

Red Hat: Important: Red Hat Single Sign-On 7.6.4 for OpenShift image security enhancement update
Synopsis Important: Red Hat Single Sign-On 764 for OpenShift image security enhancement update Type/Severity Security Advisory: Important Topic A new image is available for Red Hat Single Sign-On 764, running on OpenShift Container Platform 310 and 311, and 4120Red Hat Product Security has rated this update as having a security impac ...
Red Hat: Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 9
Synopsis Important: Red Hat Single Sign-On 764 security update on RHEL 9 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 764 packages are now available for Red Hat Enterprise Linux 9Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 8
Synopsis Important: Red Hat Single Sign-On 764 security update on RHEL 8 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 764 packages are now available for Red Hat Enterprise Linux 8Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 7
Synopsis Important: Red Hat Single Sign-On 764 security update on RHEL 7 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 764 packages are now available for Red Hat Enterprise Linux 7Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.4 security update
Synopsis Important: Red Hat Single Sign-On 764 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 76 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

References

NVD-CWE-Otherhttps://access.redhat.com/errata/RHSA-2023:3883https://access.redhat.com/errata/RHSA-2023:3884https://access.redhat.com/errata/RHSA-2023:3885https://access.redhat.com/errata/RHSA-2023:3888https://access.redhat.com/errata/RHSA-2023:3892https://access.redhat.com/security/cve/CVE-2023-2585https://bugzilla.redhat.com/show_bug.cgi?id=2196335https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2023:3888https://access.redhat.com/security/cve/cve-2023-2585
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044client sideCVE-2021-47601deserializationCVE-2024-34994encryptionCVE-2021-47609CVE-2024-37079CVE-2024-38608
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook