Description
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1790759
Related Vulnerabilities
CVE-2023-46657 Vulnerability in maven package org.jenkins-ci.plugins:gogs-webhook
CVE-2018-1002203 Vulnerability in maven package org.webjars.npm:unzipper
CVE-2019-16771 Vulnerability in maven package com.linecorp.armeria:armeria
CVE-2022-1415 Vulnerability in maven package org.drools:drools-core
CVE-2023-34238 Vulnerability in npm package gatsby-plugin-sharp