Security Advisories

CGA-6hcj-97r2-cmw6

Published

Last updated

https://images.chainguard.dev/security/CGA-6hcj-97r2-cmw6

Package

keycloak

Latest Update

Fixed

Fixed Version

24.0.3-r0

Aliases

CVE-2023-0657
GHSA-7fpj-9hr8-28vh

Severity

3.4

Low

CVSS V3

Summary

Keycloak vulnerable to impersonation via logout token exchange

Description

Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-0657
https://github.com/advisories/GHSA-7fpj-9hr8-28vh
https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/security/cve/CVE-2023-0657
https://bugzilla.redhat.com/show_bug.cgi?id=2166728
https://github.com/keycloak/keycloak

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-6hcj-97r2-cmw6

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources