CVE-2023-6291

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

Severity

7.1

High

CVSS V3

Description

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

References

https://images.chainguard.dev/security/CGA-gfm2-jv77-99mm
https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
https://access.redhat.com/errata/RHSA-2023:7854
https://access.redhat.com/errata/RHSA-2023:7855
https://access.redhat.com/errata/RHSA-2023:7856
https://access.redhat.com/errata/RHSA-2023:7857
https://access.redhat.com/errata/RHSA-2023:7858
https://access.redhat.com/errata/RHSA-2023:7860
https://access.redhat.com/errata/RHSA-2023:7861
https://access.redhat.com/errata/RHSA-2024:0798
https://access.redhat.com/errata/RHSA-2024:0799
https://access.redhat.com/errata/RHSA-2024:0800
https://access.redhat.com/errata/RHSA-2024:0801
https://access.redhat.com/errata/RHSA-2024:0804
https://access.redhat.com/security/cve/CVE-2023-6291
https://bugzilla.redhat.com/show_bug.cgi?id=2251407

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2023-6291

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company