Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv3

CVE-2023-6291

Published: 26/01/2024 Updated: 14/02/2024
CVSS v3 Base Score: 7.1 | Impact Score: 3.7 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Redhat

Vulnerability Summary

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the malicious user to impersonate other users.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat single sign-on -

redhat keycloak

redhat openshift_container_platform 4.11

redhat openshift_container_platform 4.12

redhat openshift_container_platform_for_ibm_z 4.9

redhat openshift_container_platform_for_ibm_z 4.10

redhat openshift_container_platform_for_linuxone 4.9

redhat openshift_container_platform_for_linuxone 4.10

redhat openshift_container_platform_for_power 4.9

redhat openshift_container_platform_for_power 4.10

redhat single_sign-on 7.6

redhat migration toolkit for applications 6.0

redhat migration toolkit for applications 7.0

Vendor Advisories

Red Hat: Important: Red Hat Single Sign-On 7.6.6 security update on RHEL 7
Synopsis Important: Red Hat Single Sign-On 766 security update on RHEL 7 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 766 packages are now available for Red Hat Enterprise Linux 7Red Hat ...
Red Hat: Important: Red Hat build of Keycloak 22.0.7 enhancement and security update
Synopsis Important: Red Hat build of Keycloak 2207 enhancement and security update Type/Severity Security Advisory: Important Topic Red Hat build of Keycloak 2207 is now available from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: Red Hat build of Keycloak 22.0.7 images enhancement and security update
Synopsis Important: Red Hat build of Keycloak 2207 images enhancement and security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat build of Keycloak 2207 images running on OpenShift Container PlatformRed Hat Product Security has rated this update as having a security impact of Import ...
Red Hat: Important: Red Hat Single Sign-On 7.6.6 security update on RHEL 9
Synopsis Important: Red Hat Single Sign-On 766 security update on RHEL 9 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 766 packages are now available for Red Hat Enterprise Linux 9Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.6 security update on RHEL 8
Synopsis Important: Red Hat Single Sign-On 766 security update on RHEL 8 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 766 packages are now available for Red Hat Enterprise Linux 8Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.6 for OpenShift image enhancement and security update
Synopsis Important: Red Hat Single Sign-On 766 for OpenShift image enhancement and security update Type/Severity Security Advisory: Important Topic A new image is available for Red Hat Single Sign-On 766, running on OpenShift Container Platform 310 and 311, and 43Red Hat Product Security has rated this update as having a security impa ...
Red Hat: Important: Red Hat Single Sign-On 7.6.6 security update
Synopsis Important: Red Hat Single Sign-On 766 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 76 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...
Red Hat:
Description<!---->A flaw was found in the redirect_uri validation logic in Keycloak This issue may allow a bypass of otherwise explicitly allowed hosts A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other usersA flaw was found in the redirect_uri validation logic in Keycloak This ...

References

CWE-601https://access.redhat.com/errata/RHSA-2023:7854https://access.redhat.com/errata/RHSA-2023:7855https://access.redhat.com/errata/RHSA-2023:7856https://access.redhat.com/errata/RHSA-2023:7857https://access.redhat.com/errata/RHSA-2023:7858https://access.redhat.com/errata/RHSA-2023:7860https://access.redhat.com/errata/RHSA-2023:7861https://access.redhat.com/security/cve/CVE-2023-6291https://bugzilla.redhat.com/show_bug.cgi?id=2251407https://access.redhat.com/errata/RHSA-2024:0798https://access.redhat.com/errata/RHSA-2024:0799https://access.redhat.com/errata/RHSA-2024:0800https://access.redhat.com/errata/RHSA-2024:0801https://access.redhat.com/errata/RHSA-2024:0804https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2023:7854https://access.redhat.com/security/cve/cve-2023-6291
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook