Description
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0091