CVE-2023-6841

CWE-2315 documents5 sources

Severity

7.5HIGH

EPSS

0.6%

top 30.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Single Sign-on

Timeline

PublishedSep 10

Description

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Mavenorg.keycloak:keycloak-core< 24.0.0

▶NVDredhat/single_sign-on7.0

🔴Vulnerability Details

GHSA

Keycloak Denial of Service vulnerability↗2024-09-10

▶

OSV

Keycloak Denial of Service vulnerability↗2024-09-10

▶

CVEList

Keycloak: amount of attributes per object is not limited and it may lead to dos↗2024-09-10

▶

📋Vendor Advisories

Red Hat

keycloak: Amount of attributes per object is not limited and it may lead to DOS↗2024-09-10

▶