A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.
Metrics
Affected Vendors & Products
References
History
Sun, 24 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-25T15:58:47.204Z
Updated: 2024-11-24T21:10:49.330Z
Reserved: 2023-12-06T05:42:36.249Z
Link: CVE-2023-6544
Vulnrichment
Updated: 2024-08-02T08:35:14.454Z
NVD
Status : Awaiting Analysis
Published: 2024-04-25T16:15:10.097
Modified: 2024-11-21T08:44:03.880
Link: CVE-2023-6544
Redhat