A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-12-18T22:59:07.495Z
Updated: 2024-11-23T03:46:21.703Z
Reserved: 2023-12-18T15:44:40.245Z
Link: CVE-2023-6927
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-18T23:15:10.027
Modified: 2024-11-21T08:44:51.110
Link: CVE-2023-6927
Redhat