CVE-2023-6927 — Vulnetix

CVE-2023-6927 PUBLISHED

In Keycloak existiert eine Cross-Site Scripting Schwachstelle. Die Ursache ist ein ungenügender Sicherheitspatch für die Schwachstelle CVE-2023-6134. Ein Angreifer kann das ausnutzen, um durch einen Cross Site Scripting Angriff Autorisierungscodes oder Token von Clients zu stehlen, indem er einen Platzhalter im JARM-Antwortmodus "form_post.jwt" verwendet.

EPSS 0.84% · 75.0th percentile

Risk Scores

EPSS Score

0.84%

75.0th percentile

Affected Products

Vendor	Product	Versions
Open Source	Open Source Keycloak
Red Hat	Red Hat Single Sign On <7.6.6
Hitachi	Hitachi Ops Center
Red Hat	Red Hat Enterprise Linux

Timeline

Dec 18, 2023 CVE Published
Dec 19, 2023 EPSS Score
Jan 4, 2024 PoC Published
Jan 12, 2024 PoC Published
Jan 17, 2024 EPSS Score
Feb 15, 2024 EPSS Score
Mar 15, 2024 EPSS Score
May 12, 2024 EPSS Score
Jun 10, 2024 EPSS Score
Jul 9, 2024 EPSS Score
Aug 7, 2024 EPSS Score
Sep 5, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3173.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3173 advisory
https://access.redhat.com/errata/RHSA-2024:0097 advisory
https://access.redhat.com/errata/RHSA-2024:0094 advisory
https://access.redhat.com/errata/RHSA-2024:0095 advisory
https://access.redhat.com/errata/RHSA-2024:0096 advisory
https://access.redhat.com/errata/RHSA-2024:0098 advisory
https://access.redhat.com/errata/RHSA-2024:0100 advisory
https://access.redhat.com/errata/RHSA-2024:0101 advisory
https://access.redhat.com/errata/RHSA-2024:0799 advisory
https://access.redhat.com/errata/RHSA-2024:0804 advisory
https://github.com/advisories/GHSA-3p75-q5cc-qmj7 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-6927 advisory
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-133/index.html advisory

Open in Interactive Console →