Description
A flaw was found in Keycloak: in its client credentials flow, it did not properly check client tokens for possible revocation. This flaw allows an attacker to access or modify potentially sensitive information.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0091