Keycloak OIDC Auth Flaw Enables Session Token Impersonation
CVE-2023-0264 Published on August 4, 2023
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Products Associated with CVE-2023-0264
stack.watch emails you whenever new vulnerabilities are published in Red Hat Keycloak or Red Hat Single Sign On. Just hit a watch button to start following.
Affected Versions
redhat.com Keycloak:- Version 18.0.6 and below 18.0.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.