Keycloak: amount of attributes per object is not limited and it may lead to dos
CVE-2023-6841
7.5HIGH
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Build Of Quarkus
- Red Hat Fuse 7
- Red Hat Mobile Application Platform 4
- Red Hat Openshift Application Runtimes
- Vendor
- CVE Published:
- 10 September 2024
Summary
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database