Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-12160 Vulnerability in maven package org.keycloak:keycloak-services

Description

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.

Remediation

References

https://access.redhat.com/errata/RHSA-2017:2904

https://access.redhat.com/errata/RHSA-2017:2905

https://access.redhat.com/errata/RHSA-2017:2906

https://bugzilla.redhat.com/show_bug.cgi?id=1484154

Related Vulnerabilities

CVE-2022-41919 Vulnerability in npm package fastify

CVE-2023-43494 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-36007 Vulnerability in maven package com.github.jlangch:venice

CVE-2022-21126 Vulnerability in maven package com.github.samtools:htsjdk

CVE-2019-16869 Vulnerability in maven package io.netty:netty

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory