Vulnerability in Red Hat Build Of Keycloak 22
CVE-2023-0657
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access…
EPSS: 0.001 (17.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.4 (Low). Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N.
Affected products
- Red Hat Build Of Keycloak 22 — versions 22.0.10-1, 22-13, 22-16
- Red Hat Build Of Keycloak 22.0.10
- Red Hat Single Sign-on 7
Weakness classification (CWE)
References
- RHSA-2024:1867 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2024:1868 (vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2023-0657 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2166728 (issue-tracking, x_refsource_REDHAT)
Frequently asked questions
- What is CVE-2023-0657?
- CVE-2023-0657 is a low-severity vulnerability in Red Hat Build Of Keycloak 22, classified under Improper Check for Dropped Privileges. CVSS score: 3.4/10. Published 2024-11-17.
- How severe is CVE-2023-0657?
- Low severity. CVSS v3 base score is 3.4 out of 10.