Description

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

INFO

Published Date :

2024-11-17T10:19:03.717Z

Last Modified :

2024-11-17T16:18:51.475Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2023-0657 vulnerability.

Vendors Products
Redhat
  • Build Keycloak
  • Red Hat Single Sign On

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact