CVE-2023-6787
PUBLISHED
A vulnerability exists in Keycloak. It is due to a flaw in session management. A remote, anonymous attacker can exploit this vulnerability to gain user privileges. Successful exploitation requires user interaction.
Risk Scores
- EPSS Score: 0.57% · 69.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss A-MQ Broker | <7.12.0 |
| Hitachi | Hitachi Ops Center | |
| Open Source | Open Source Keycloak | |
| Red Hat | Red Hat Enterprise Linux | |
| Red Hat | Red Hat Enterprise Linux Keycloak | <22.0.10 |
Exploit Intelligence
- CIRCL seen: CVE-2023-6787 (circl-sighting)
- RHSA-2024:1867 (circl)
- RHSA-2024:1868 (circl)
- https://access.redhat.com/security/cve/CVE-2023-6787 (circl)
- RHBZ#2254375 (circl)
- https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj (circl)
Timeline
- Feb 21, 2024 PoC Published
- Feb 21, 2024 CVE Published
- Apr 26, 2024 EPSS Score
- May 21, 2024 EPSS Score
- Jun 15, 2024 EPSS Score
- Jul 10, 2024 EPSS Score
- Aug 3, 2024 EPSS Score
- Aug 28, 2024 EPSS Score
- Sep 21, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 16, 2024 EPSS Score
- Nov 9, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0466.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0466 advisory
- https://access.redhat.com/security/cve/cve-2023-6787 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2254375 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0914.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0914 advisory
- https://access.redhat.com/errata/RHSA-2024:1867 advisory
- https://access.redhat.com/errata/RHSA-2024:1868 advisory
- https://access.redhat.com/errata/RHSA-2024:2945 advisory
- https://access.redhat.com/errata/RHSA-2024:3752 advisory
- https://access.redhat.com/errata/RHSA-2024:3919 advisory
- https://access.redhat.com/errata/RHSA-2024:3989 advisory
- https://access.redhat.com/errata/RHSA-2024:4057 advisory
- https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-152/index.html advisory