CGA-8986-wm7j-phq8

Published

Last updated

https://images.chainguard.dev/security/CGA-8986-wm7j-phq8

Package

keycloak-fips

Latest Update

Under investigation

Aliases

CVE-2023-6841
GHSA-w97f-w3hq-36g2

Severity

6.5

Medium

CVSS V3

Summary

Keycloak Denial of Service vulnerability

Description

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited, an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. The issue is fixed in Keycloak 24 with the introduction of the User Profile feature.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-6841
https://github.com/advisories/GHSA-w97f-w3hq-36g2
https://github.com/keycloak/keycloak/issues/32837
https://access.redhat.com/security/cve/CVE-2023-6841
https://bugzilla.redhat.com/show_bug.cgi?id=2254714
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/releases/tag/24.0.0

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-8986-wm7j-phq8

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources