Description
A flaw was found in Keycloak before version 13.0.0. In some scenarios, a user still has access to a resource after the role mappings are changed in Keycloak and after the previous access token has expired.
Remediation
References
https://issues.redhat.com/browse/KEYCLOAK-16550
https://bugzilla.redhat.com/show_bug.cgi?id=1765129