Description

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

Remediation

References

https://access.redhat.com/security/cve/CVE-2023-0091

Related Vulnerabilities

CVE-2023-40345 Vulnerability in maven package org.jenkins-ci.plugins:delphix

CVE-2020-2110 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2023-44487 Vulnerability in maven package io.helidon.http:helidon-http-http2

CVE-2020-7599 Vulnerability in maven package com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin

CVE-2023-32695 Vulnerability in maven package org.webjars.npm:socket.io-parser

Severity

Low

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Tags

Vendor Advisory