CVE-2023-0657

LOW EPSS 21.5%

Published Nov 17, 20241y ago · Modified Jun 17, 20261w ago

3.4 CVSS 3.1

Low

Published Nov 17, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

CVSS Details

Base Score

3.4

Exploitability

0.9

Impact

2.5

Vector string

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector Adjacent

Attack Complexity High

Privileges Required Low

User Interaction Required

Scope Unchanged

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

21.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-273

References 4

access.redhat.com https://access.redhat.com/errata/RHSA-2024:1867
access.redhat.com https://access.redhat.com/errata/RHSA-2024:1868
access.redhat.com https://access.redhat.com/security/cve/CVE-2023-0657
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2166728

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.