Description
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0091
Related Vulnerabilities
CVE-2013-4366 Vulnerability in maven package org.apache.httpcomponents:httpclient
CVE-2017-15702 Vulnerability in maven package org.apache.qpid:qpid-broker
CVE-2020-13943 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2023-30843 Vulnerability in npm package payload
CVE-2022-36905 Vulnerability in maven package eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin