CVE-2023-0264 in Keycloakinfo

Summary

by MITRE • 08/04/2023

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

01/12/2023

Disclosure

08/04/2023

Moderation

accepted

Entry

VDB-222254

CPE

ready

CWE

CWE-345 (confirmed)

CVSS

5.5 (VulDB)

EPSS

0.01274

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-0264
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-0264
CVE Details	https://www.cvedetails.com/cve/CVE-2023-0264/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!