Description

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

Remediation

References

https://access.redhat.com/security/cve/CVE-2023-0091

Related Vulnerabilities

CVE-2022-22984 Vulnerability in npm package snyk-sbt-plugin

CVE-2019-1003035 Vulnerability in maven package org.jenkins-ci.plugins:azure-vm-agents

CVE-2011-4905 Vulnerability in maven package activemq:activemq

CVE-2023-31469 Vulnerability in maven package org.apache.streampipes:streampipes-rest

CVE-2020-2321 Vulnerability in maven package org.jenkins-ci.plugins:shelve-project-plugin

Severity

Low

Classification

CWE-863 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Tags

Vendor Advisory