CVE-2023-0091

Published: Jan 13, 2023Modified: Apr 9, 2025

3.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Exploitability: 1.2 / Impact: 2.5

Source: NVD

Description

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

Affected (1)

Products: Redhat: Keycloak

Redhat

1 product

Keycloak

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Keycloak	All versions

Running on/with	Platform Versions
Redhat Single Sign On	Version 7.0

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://access.redhat.com/security/cve/CVE-2023-0091

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-0091

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.