Keycloak: log injection during webauthn authentication or registration
CVE-2023-6484
5.3MEDIUM
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Build Of Keycloak 22
- Red Hat Build Of Keycloak 22.0.10
- Red Hat Single Sign-on 7
- Red Hat Single Sign-on 7.6 For Rhel 7
- Vendor
- CVE Published:
- 25 April 2024
Summary
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
Affected Version(s)
Red Hat build of Keycloak 22 <= 22.0.10-1
Red Hat build of Keycloak 22 <= 22-13
Red Hat build of Keycloak 22 <= 22-16
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 5.3 - (MEDIUM)
Vulnerability published.
Reported to Red Hat.
Collectors
NVD DatabaseMitre Database