logo

Database

Cross-site request forgery In org.keycloak:keycloak-parent

Description

Duplicate Advisory: Keycloak Open Redirect vulnerability

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-9vm7-v8wj-3fqw. This link is maintained to preserve external references.

Original Description

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. NVD-2023-69272. GCVE-GHSA-3p75-q5cc-qmj73. access.redhat.com4. access.redhat.com5. access.redhat.com6. access.redhat.com7. access.redhat.com8. access.redhat.com9. access.redhat.com10. ACCESS-CVE-2023-6927

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=2255027

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.