Red%20Hat%20build%20of%20Keycloak%2022.0.8

Red Hat build of Keycloak 22.0.8

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2023-6927

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-4.6||MEDIUM

EPSS-0.56% / 67.40%

7 Day CHG~0.00%

Published-18 Dec, 2023 | 22:59

Updated-07 Aug, 2025 | 11:14

Keycloak: open redirect via "form_post.jwt" jarm response mode

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

Vendor-Red Hat, Inc.

Product-single_sign-on keycloak Red Hat Single Sign-On 7 Red Hat Single Sign-On 7.6 for RHEL 7 Red Hat build of Keycloak 22.0.8 Red Hat Single Sign-On 7.6 for RHEL 8 Single Sign-On 7.6.6 RHEL-8 based Middleware Containers Red Hat Single Sign-On 7.6 for RHEL 9 Red Hat build of Keycloak 22

CWE ID-CWE-601

URL Redirection to Untrusted Site ('Open Redirect')