Security Advisories

CVE-2023-6544

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-6544

CGA ID

CGA-vffr-h5qj-w4q4

Severity

5.4

Medium

CVSS V3

Summary

Keycloak Authorization Bypass vulnerability

Description

Due to a permissive regular expression hardcoded for filtering the hosts allowed to register a dynamic client, a malicious user with enough information about the environment could abuse it, in a way that was previously unauthorized, to jeopardize an environment that uses this specific Dynamic Client Registration with TrustedDomain configuration.

Acknowledgements:

Special thanks to Bastian Kanbach for reporting this issue and helping us improve our security.

References

Affected packages

