
CVE-2023-6920

Published: 18/12/2023 Updated: 18/12/2023

Vulnerability Summary

Rejected reason: This flaw was found to be a duplicate of CVE-2023-6927. Please see access.redhat.com/security/cve/CVE-2023-6927 for information about affected products and security errata.

Vendor Advisories

Description: An incomplete fix was found in the Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". Changing the response_mode parameter in the original proof of concept from "form_post" to "form_post.jwt" can bypass the security patch implemented to ...