A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-08-04T17:09:27.693Z

Updated: 2024-08-02T05:02:44.110Z

Reserved: 2023-01-12T23:10:37.812Z

Link: CVE-2023-0264

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-08-04T18:15:11.090

Modified: 2024-11-21T07:36:51.503

Link: CVE-2023-0264

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-02-28T18:58:00Z

Links: CVE-2023-0264 - Bugzilla