CVE-2023-2422
Published: Oct 4, 2023
Modified: Aug 2, 2024
CVSS v3.1
5.5
Description
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.
| Vendor | Product | Versions |
|---|---|---|
Red Hat | Red Hat Single Sign-On 7 | All versions |
Red Hat | Red Hat Single Sign-On 7.6 for RHEL 7 | unaffected 0:18.0.8-1.redhat_00001.1.el7sso - < * |
Red Hat | Red Hat Single Sign-On 7.6 for RHEL 8 | unaffected 0:18.0.8-1.redhat_00001.1.el8sso - < * |
Red Hat | Red Hat Single Sign-On 7.6 for RHEL 9 | unaffected 0:18.0.8-1.redhat_00001.1.el9sso - < * |
Red Hat | RHEL-8 based Middleware Containers | unaffected 7.6-24 - < * |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now