What is CVE-2023-0264?

CVE-2023-0264 is a medium-severity vulnerability in Redhat.com Keycloak, classified under Improper Authentication. CVSS score: 5.0/10. Published 2023-08-04.

How severe is CVE-2023-0264?

Medium severity. CVSS v3 base score is 5.0 out of 10.

Is CVE-2023-0264 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Redhat.com Keycloak

CVE-2023-0264

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to imperson…

Vulnerability class: Broken Authentication

EPSS: 0.013 (66.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Redhat.com Keycloak — versions 18.0.6
Redhat Enterprise_linux — versions 7.0, 8.0, 9.0
Redhat Keycloak
Redhat Openshift_container_platform — versions 4.9, 4.10
Redhat Openshift_container_platform_for_ibm_linuxone — versions 4.9, 4.10
Redhat Openshift_container_platform_ibm_z_systems — versions 4.9, 4.10
Redhat Single_sign-on

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

References

secalert@redhat.com (Vendor Advisory)

Frequently asked questions

What is CVE-2023-0264?: CVE-2023-0264 is a medium-severity vulnerability in Redhat.com Keycloak, classified under Improper Authentication. CVSS score: 5.0/10. Published 2023-08-04.
How severe is CVE-2023-0264?: Medium severity. CVSS v3 base score is 5.0 out of 10.
Is CVE-2023-0264 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.