Description
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0264