CVE-2023-0657
LOWDescription
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2023-0657? +
How severe is CVE-2023-0657? +
How do I check if I'm vulnerable to CVE-2023-0657? +
Related Vulnerabilities
A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may …
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an …
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content …
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the …
In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic …
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in …