CVE-2023-6291
PUBLISHED
A vulnerability exists in Keycloak and Red Hat Single Sign On. The cause is a problem in the redirect_uri validation logic. A remote, anonymous attacker can exploit this vulnerability to bypass security measures. Successful exploitation requires user interaction.
EPSS 0.18% · 39.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source | Open Source Keycloak | |
| Red Hat | Red Hat Enterprise Linux | |
| Hitachi | Hitachi Ops Center | |
Timeline
- Dec 14, 2023 CVE Published
- Jan 26, 2024 PoC Published
- Jan 31, 2024 EPSS Score
- Feb 28, 2024 EPSS Score
- Mar 26, 2024 EPSS Score
- Apr 23, 2024 EPSS Score
- May 20, 2024 EPSS Score
- Jun 17, 2024 EPSS Score
- Jul 1, 2024 CVE Updated
- Jul 14, 2024 EPSS Score
- Aug 11, 2024 EPSS Score
- Oct 5, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3156.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3156 advisory
- https://access.redhat.com/errata/RHSA-2024:0799 advisory
- https://access.redhat.com/errata/RHSA-2024:0804 advisory
- https://access.redhat.com/errata/RHSA-2023:7854 advisory
- https://access.redhat.com/errata/RHSA-2023:7855 advisory
- https://access.redhat.com/errata/RHSA-2023:7856 advisory
- https://access.redhat.com/errata/RHSA-2023:7857 advisory
- https://access.redhat.com/errata/RHSA-2023:7858 advisory
- https://access.redhat.com/errata/RHSA-2023:7860 advisory
- https://access.redhat.com/errata/RHSA-2023:7861 advisory
- https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-133/index.html advisory