Vulnerabilities > CVE-2023-0091 - Incorrect Authorization vulnerability in Redhat Keycloak

CVSS 3.8 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

redhat

CWE-863

NVD

Published: 2023-01-13

Updated: 2023-02-22

Summary

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Keycloak - Redhat Single Sign ON 7.0	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://access.redhat.com/security/cve/CVE-2023-0091