Keycloak: amount of attributes per object is not limited and it may lead to dos
CVE-2023-6841

7.5HIGH

Key Information:

Status
Red Hat Build Of Quarkus
Red Hat Fuse 7
Red Hat Mobile Application Platform 4
Vendor
CVE Published:
10 September 2024

What is CVE-2023-6841?

A denial of service vulnerability has been identified in Keycloak that results from an unbounded number of attributes allowed per object. An attacker can exploit this weakness by sending multiple HTTP requests containing long attribute values, leading to resource exhaustion on the server. This vulnerability poses risks to application performance and availability, potentially disrupting services for legitimate users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2023-6841
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2254714
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.