Description
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0264
Related Vulnerabilities
CVE-2023-32069 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui
CVE-2012-5886 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2016-2171 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed-security
CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-jdk14
CVE-2020-1723 Vulnerability in maven package org.keycloak:keycloak-core