Description
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0091