logo

Database

Cross-site request forgery In org.keycloak:keycloak-core

Description

keycloak-core: open redirect via "form_post.jwt" JARM response mode An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". It is observed that changing the response_mode parameter in the original proof of concept from "form_post" to "form_post.jwt" can bypass the security patch implemented to address CVE-2023-6134.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-69272. NVD-2023-69273. OSV-2023-69274. GHSA-9vm7-v8wj-3fqw5. GHSA-3p75-q5cc-qmj76. GCVE-2023-69277. access.redhat.com8. access.redhat.com9. access.redhat.com10. access.redhat.com11. access.redhat.com12. access.redhat.com13. access.redhat.com14. ACCESS-CVE-2023-6927

References

1. https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw2. https://bugzilla.redhat.com/show_bug.cgi?id=2255027

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.