Description
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0264
Related Vulnerabilities
CVE-2023-35152 Vulnerability in maven package org.xwiki.platform:xwiki-platform-like-ui
CVE-2017-15707 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2023-39956 Vulnerability in npm package electron
CVE-2022-43422 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-utilities
CVE-2016-4461 Vulnerability in maven package org.apache.struts.xwork:xwork-core