Vulnerability Description
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact on the integrity of the logs.
CVSS Score
5.3 (MEDIUM)
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:0798
- https://access.redhat.com/errata/RHSA-2024:0799
- https://access.redhat.com/errata/RHSA-2024:0800
- https://access.redhat.com/errata/RHSA-2024:0801
- https://access.redhat.com/errata/RHSA-2024:0804
- https://access.redhat.com/errata/RHSA-2024:1860
- https://access.redhat.com/errata/RHSA-2024:1861
- https://access.redhat.com/errata/RHSA-2024:1862
- https://access.redhat.com/errata/RHSA-2024:1864
- https://access.redhat.com/errata/RHSA-2024:1865
- https://access.redhat.com/errata/RHSA-2024:1866
- https://access.redhat.com/errata/RHSA-2024:1867
- https://access.redhat.com/errata/RHSA-2024:1868
- https://access.redhat.com/security/cve/CVE-2023-6484
- https://bugzilla.redhat.com/show_bug.cgi?id=2248423
FAQ
What is CVE-2023-6484?
CVE-2023-6484 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs in...
How severe is CVE-2023-6484?
CVE-2023-6484 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-6484?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.