Vulnerability Description
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Keycloak | < 18.0.6 |
| Redhat | Single Sign-On | < 7.6.2 |
| Redhat | Enterprise Linux | 7.0 |
| Redhat | Openshift Container Platform | 4.9 |
| Redhat | Openshift Container Platform For Ibm Linuxone | 4.9 |
| Redhat | Openshift Container Platform Ibm Z Systems | 4.9 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2023-0264 (Vendor Advisory)
FAQ
What is CVE-2023-0264?
CVE-2023-0264 is a vulnerability with a CVSS score of 5.0 (MEDIUM). A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens.
How severe is CVE-2023-0264?
CVE-2023-0264 has been rated MEDIUM with a CVSS base score of 5.0/10. Although the base score is moderate, the impact is impersonation of another user in the same realm, so exposure is highest in multi-tenant realms where untrusted authenticated users can observe other users' requests.
Is there a patch for CVE-2023-0264?
Yes. The affected-versions table above lists Keycloak before 18.0.6 and Red Hat Single Sign-On before 7.6.2 as vulnerable, so upgrading to those releases or later resolves the issue; see the vendor advisory in the references section for the exact errata. Affected products include: Redhat Keycloak, Redhat Single Sign-On, Redhat Enterprise Linux 7.0, Redhat Openshift Container Platform 4.9, Redhat Openshift Container Platform For Ibm Linuxone 4.9, and Redhat Openshift Container Platform Ibm Z Systems 4.9.