CVE-2023-2422
- CVSS v3.1: 7.1 (High)
- EPSS: 0.10 % (42nd)
- Affected Products: 4
- Advisories: 1

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and can therefore access data that belongs to other clients.

Weaknesses
- CWE-295: Improper Certificate Validation

- CVE Status: PUBLISHED
- CNA: Red Hat, Inc.
- Published Date: 2023-10-04 11:15:10 (11 months ago)
- Updated Date: 2023-11-07 04:12:40 (10 months ago)