Keycloak: open redirect via "form_post.jwt" jarm response mode
CVE-2023-6927

4.6MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Build Of Keycloak 22; Red Hat Build Of Keycloak 22.0.8; Red Hat Single Sign-on 7.0; Red Hat Single Sign-on 7.6 For Rhel 7
Vendor: CVE Published:; 18 December 2023

Summary

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

Affected Version(s)

Red Hat build of Keycloak 22 22-7

References

https://access.redhat.com/errata/RHSA-2024:0094

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0095

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0096

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Dec 18, 2023

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Pontus Hanssen ([email protected]) for reporting this issue.

.