A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-18T22:59:07.495Z

Updated: 2024-11-23T03:46:21.703Z

Reserved: 2023-12-18T15:44:40.245Z

Link: CVE-2023-6927

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-18T23:15:10.027

Modified: 2024-11-21T08:44:51.110

Link: CVE-2023-6927

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-12-18T00:00:00Z

Links: CVE-2023-6927 - Bugzilla