Description
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0091
Related Vulnerabilities
CVE-2022-32287 Vulnerability in maven package org.apache.uima:uimaj-core
CVE-2021-3856 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2019-10444 Vulnerability in maven package org.jenkins-ci.plugins:bumblebee
CVE-2012-0803 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal
CVE-2021-36737 Vulnerability in maven package org.apache.portals.pluto.demo:v3-demo-portlet