VDB

CISA-2023-6787

CISA-2023-6787 PUBLISHED CVSS 6.5 MEDIUM

Reported by redhat · Published April 25, 2024

A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
0, 0
Red HatRed Hat build of Keycloak 2222.0.10-1
Red HatRed Hat build of Keycloak 2222-13
Red HatRed Hat build of Keycloak 2222-16
Red HatRed Hat build of Keycloak 22.0.10
Red HatRed Hat Single Sign-On 7
Red HatRed Hat build of Keycloak 2222-16, 22-16
Red HatRed Hat build of Keycloak 2222-13, 22-13
Red HatRed Hat build of Keycloak 22.0.10
Red HatRed Hat build of Keycloak 2222.0.10-1, 22.0.10-1
Red HatRed Hat Single Sign-On 7
0, 0, 0

Timeline

  • Apr 25, 2024 CVE Published
  • Nov 11, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›