Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-6717
Awaiting Analysis
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-25 Apr, 2024 | 16:15
Updated At-29 Aug, 2024 | 19:15

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.0MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primarysecalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2024:1353secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:1867secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:1868secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:2945secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:4057secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2023-6717secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2253952secalert@redhat.com
N/A
Change History
0Changes found
Details not found