{}

{}

{}

{"affected_release": [{"advisory": "RHSA-2024:1867", "cpe": "cpe:/a:redhat:build_keycloak:22::el9", "package": "rhbk/keycloak-operator-bundle:22.0.10-1", "product_name": "Red Hat build of Keycloak 22", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1867", "cpe": "cpe:/a:redhat:build_keycloak:22::el9", "package": "rhbk/keycloak-rhel9:22-13", "product_name": "Red Hat build of Keycloak 22", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1867", "cpe": "cpe:/a:redhat:build_keycloak:22::el9", "package": "rhbk/keycloak-rhel9-operator:22-16", "product_name": "Red Hat build of Keycloak 22", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1868", "cpe": "cpe:/a:redhat:build_keycloak:22", "package": "keycloak", "product_name": "Red Hat build of Keycloak 22.0.10", "release_date": "2024-04-16T00:00:00Z"}], "bugzilla": {"description": "keycloak: impersonation via logout token exchange", "id": "2166728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.4", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-273", "details": ["A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions."], "name": "CVE-2023-0657", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Will not fix", "package_name": "keycloak", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2024-04-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0657\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0657"], "threat_severity": "Low", "upstream_fix": "rhbk 22.0.10"}