Security Advisories

CVE-2023-0657

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-0657

CGA ID

CGA-6hcj-97r2-cmw6

Severity

3.4

Low

CVSS V3

Summary

Keycloak vulnerable to impersonation via logout token exchange

Description

Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

References

Affected packages

