CVE-2023-0264
Published 2023-08-04
Severity: medium, 5 (CVSS 3.1)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat.com | keycloak | >= 18.0.6 < 18.0.6 | 18.0.6 |
| redhat | keycloak | < 18.0.6 | 18.0.6 |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform_for_ibm_linuxone | — | — |
| redhat | openshift_container_platform_for_ibm_linuxone | — | — |
| redhat | openshift_container_platform_ibm_z_systems | — | — |
| redhat | openshift_container_platform_ibm_z_systems | — | — |
| redhat | single_sign-on | < 7.6.2 | 7.6.2 |