CVE-2023-6484
MEDIUM EPSS 58.7%
Published Apr 25, 20242y ago · Modified Jun 26, 20263d ago
5.3 CVSS 3.1
Published Apr 25, 2024 2y ago
Last Modified Jun 26, 2026 3d ago
Description
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
58.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-117
References 16
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0798
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0799
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0800
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0801
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0804
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1860
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1861
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1862
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1864
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1865
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1866
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1867
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1868
- access.redhat.com https://access.redhat.com/security/cve/CVE-2023-6484
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2248423
- github.com https://github.com/advisories/GHSA-j628-q885-8gr5
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.