Description
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0264
Related Vulnerabilities
CVE-2023-24998 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2022-45394 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin
CVE-2021-25329 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-34055 Vulnerability in maven package org.springframework.boot:spring-boot-actuator
CVE-2021-21028 Vulnerability in maven package com.adobe.acs:acs-aem-commons