Security Advisories

CGA-4h4r-vrhm-r8c8

https://images.chainguard.dev/security/CGA-4h4r-vrhm-r8c8
Package

keycloak-fips

Latest Update
Fixed
Fixed Version

24.0.3-r0

Aliases
  • CVE-2023-6544
  • GHSA-46c8-635v-68r2

Severity

5.4

Medium

CVSS V3

Summary

Keycloak Authorization Bypass vulnerability

Description

Keycloak hardcodes a permissive regular expression for filtering the hosts that are allowed to register a dynamic client. A malicious user with enough information about the environment could take advantage of this to register a client in an environment using Dynamic Client Registration with the TrustedDomain configuration, a registration that would previously have been unauthorized.

Acknowledgements:

Special thanks to Bastian Kanbach for reporting this issue and helping us improve our security.
