Description

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

Remediation

References

https://access.redhat.com/security/cve/CVE-2023-0091

Related Vulnerabilities

CVE-2015-6524 Vulnerability in maven package org.apache.activemq:activemq-jaas

CVE-2023-36477 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-ui

CVE-2015-7501 Vulnerability in maven package org.apache.commons:commons-collections4

CVE-2023-31125 Vulnerability in npm package engine.io

CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api

Severity

Low

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Tags

Vendor Advisory