Description
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0264
Related Vulnerabilities
CVE-2022-43416 Vulnerability in maven package org.jenkins-ci.plugins:katalon
CVE-2021-21612 Vulnerability in maven package de.tracetronic.jenkins.plugins:ecutest
CVE-2023-37957 Vulnerability in maven package io.jenkins.plugins:pipeline-restful-api
CVE-2021-39233 Vulnerability in maven package org.apache.ozone:ozone-main
CVE-2017-1000401 Vulnerability in maven package org.jenkins-ci.main:jenkins-core