Vulnerabilities > CVE-2023-0657
Attack vector
ADJACENT_NETWORK Attack complexity
HIGH Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE high complexity
CWE-273
Summary
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.