CVE-2023-0264
moderate-risk
Published 2023-08-04
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Do I need to act?
~
3.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.0/10
Medium
NETWORK
/ HIGH complexity
Affected Products (9)
Openshift Container Platform For Ibm Linuxone
Openshift Container Platform For Ibm Linuxone
Openshift Container Platform Ibm Z Systems
Openshift Container Platform Ibm Z Systems
Affected Vendors
References (2)
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-0264
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-0264
38
/ 100
moderate-risk
Severity
16/34 · Moderate
Exploitability
7/34 · Low
Exposure
15/34 · Moderate