Keycloak OIDC Auth Flaw Enables Session Token Impersonation
CVE-2023-0264 Published on August 4, 2023

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

NVD

Products Associated with CVE-2023-0264

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-0264 are published in these products:

Red Hat Keycloak

Red Hat Single Sign On

Affected Versions

redhat.com Keycloak:

Version 18.0.6 and below 18.0.6 is affected.

Exploit Probability

EPSS

3.94%

Percentile

88.10%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Keycloak OIDC Auth Flaw Enables Session Token ImpersonationCVE-2023-0264 Published on August 4, 2023

Products Associated with CVE-2023-0264

Affected Versions

Exploit Probability

Keycloak OIDC Auth Flaw Enables Session Token Impersonation
CVE-2023-0264 Published on August 4, 2023