CVE-2023-6484 - Vulnerability Details - OpenCVE

Description

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.

Published: 2024-04-25

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

unaffected

Version	Status	Constraints
`0`	affected	< 22.0.9
`23.0.0`	affected	< 23.0.5

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22.0.10-1`	unaffected	< *

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22-13`	unaffected	< *

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22-16`	unaffected	< *

Red Hat Red Hat build of Keycloak 22.0.10 unaffected —

Red Hat Red Hat Single Sign-On 7 unaffected —

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 7

affected

Version	Status	Constraints
`0:18.0.12-1.redhat_00001.1.el7sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 7

affected

Version	Status	Constraints
`0:18.0.13-1.redhat_00001.1.el7sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 8

affected

Version	Status	Constraints
`0:18.0.12-1.redhat_00001.1.el8sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 8

affected

Version	Status	Constraints
`0:18.0.13-1.redhat_00001.1.el8sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 9

affected

Version	Status	Constraints
`0:18.0.12-1.redhat_00001.1.el9sso`	unaffected	< *

Red Hat

Red Hat Single Sign-On 7.6 for RHEL 9

affected

Version	Status	Constraints
`0:18.0.13-1.redhat_00001.1.el9sso`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6-41`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6-46`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6-16`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6-18`	unaffected	< *

Red Hat

RHEL-8 based Middleware Containers

affected

Version	Status	Constraints
`7.6.8-2`	unaffected	< *

Red Hat RHSSO 7.6.8 unaffected —

No data.

Package	CPE	Advisory	Released Date
Red Hat build of Keycloak 22
rhbk/keycloak-operator-bundle:22.0.10-1	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:1867	2024-04-16T00:00:00Z
rhbk/keycloak-rhel9:22-13	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:1867	2024-04-16T00:00:00Z
rhbk/keycloak-rhel9-operator:22-16	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:1867	2024-04-16T00:00:00Z
Red Hat build of Keycloak 22.0.10
	cpe:/a:redhat:build_keycloak:22	RHSA-2024:1868	2024-04-16T00:00:00Z
Red Hat Single Sign-On 7
keycloak	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2024:0804	2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2024:0798	2024-02-13T00:00:00Z
rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2024:1860	2024-04-16T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2024:0799	2024-02-13T00:00:00Z
rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2024:1861	2024-04-16T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2024:0800	2024-02-13T00:00:00Z
rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2024:1862	2024-04-16T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-41	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:0801	2024-02-13T00:00:00Z
rh-sso-7/sso76-openshift-rhel8:7.6-46	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:1864	2024-04-16T00:00:00Z
rh-sso-7/sso7-rhel8-init-container:7.6-16	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:1865	2024-04-16T00:00:00Z
rh-sso-7/sso7-rhel8-operator:7.6-18	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:1865	2024-04-16T00:00:00Z
rh-sso-7/sso7-rhel8-operator-bundle:7.6.8-2	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:1865	2024-04-16T00:00:00Z
RHSSO 7.6.8
keycloak-rhel9-operator-bundle-container	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2024:1866	2024-04-16T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-1229	A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
Github GHSA	GHSA-j628-q885-8gr5	Keycloak vulnerable to log Injection during WebAuthn authentication or registration

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0044.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:0798
https://access.redhat.com/errata/RHSA-2024:0799
https://access.redhat.com/errata/RHSA-2024:0800
https://access.redhat.com/errata/RHSA-2024:0801
https://access.redhat.com/errata/RHSA-2024:0804
https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1865
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/security/cve/CVE-2023-6484
https://bugzilla.redhat.com/show_bug.cgi?id=2248423
https://nvd.nist.gov/vuln/detail/CVE-2023-6484
https://www.cve.org/CVERecord?id=CVE-2023-6484

History

Sun, 24 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Redhat Build Keycloak Red Hat Single Sign On Rhosemc

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-25T15:58:18.169Z

Updated: 2026-03-02T22:14:50.304Z

Reserved: 2023-12-04T10:48:43.809Z

Link: CVE-2023-6484

Vulnrichment

Updated: 2024-08-02T08:28:21.872Z

NVD

Status : Deferred

Published: 2024-04-25T16:15:09.743

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-6484

Redhat

Severity : Low

Publid Date: 2023-12-04T00:00:00Z

Links: CVE-2023-6484 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-117

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-6484", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-12-04T10:48:43.809Z", "datePublished": "2024-04-25T15:58:18.169Z", "dateUpdated": "2026-03-02T22:14:50.304Z"}, "containers": {"cna": {"title": "Keycloak: log injection during webauthn authentication or registration", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "22.0.9", "versionType": "semver"}, {"status": "affected", "version": "23.0.0", "lessThan": "23.0.5", "versionType": "semver"}], "packageName": "keycloak", "collectionURL": "https://www.keycloak.org/", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "22.0.10-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:22::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "22-13", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:22::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "22-16", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:22::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 22.0.10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:build_keycloak:22"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "rh-sso7-keycloak", "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-sso7-keycloak", "defaultStatus": "affected", "versions": [{"version": "0:18.0.12-1.redhat_00001.1.el7sso", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-sso7-keycloak", "defaultStatus": "affected", "versions": [{"version": "0:18.0.13-1.redhat_00001.1.el7sso", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-sso7-keycloak", "defaultStatus": "affected", "versions": [{"version": "0:18.0.12-1.redhat_00001.1.el8sso", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-sso7-keycloak", "defaultStatus": "affected", "versions": [{"version": "0:18.0.13-1.redhat_00001.1.el8sso", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-sso7-keycloak", "defaultStatus": "affected", "versions": [{"version": "0:18.0.12-1.redhat_00001.1.el9sso", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-sso7-keycloak", "defaultStatus": "affected", "versions": [{"version": "0:18.0.13-1.redhat_00001.1.el9sso", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rh-sso-7/sso76-openshift-rhel8", "defaultStatus": "affected", "versions": [{"version": "7.6-41", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rh-sso-7/sso76-openshift-rhel8", "defaultStatus": "affected", "versions": [{"version": "7.6-46", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rh-sso-7/sso7-rhel8-init-container", "defaultStatus": "affected", "versions": [{"version": "7.6-16", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rh-sso-7/sso7-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "7.6-18", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rh-sso-7/sso7-rhel8-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "7.6.8-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"]}, {"vendor": "Red Hat", "product": "RHSSO 7.6.8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "keycloak-rhel9-operator-bundle-container", "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0798", "name": "RHSA-2024:0798", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0799", "name": "RHSA-2024:0799", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0800", "name": "RHSA-2024:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0801", "name": "RHSA-2024:0801", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0804", "name": "RHSA-2024:0804", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1860", "name": "RHSA-2024:1860", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1861", "name": "RHSA-2024:1861", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1862", "name": "RHSA-2024:1862", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1864", "name": "RHSA-2024:1864", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1865", "name": "RHSA-2024:1865", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1866", "name": "RHSA-2024:1866", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1867", "name": "RHSA-2024:1867", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1868", "name": "RHSA-2024:1868", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6484", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423", "name": "RHBZ#2248423", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-12-04T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-117", "description": "Improper Output Neutralization for Logs", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-117: Improper Output Neutralization for Logs", "timeline": [{"lang": "en", "time": "2023-11-06T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-04T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-02T22:14:50.304Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:28:21.872Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0798", "name": "RHSA-2024:0798", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0799", "name": "RHSA-2024:0799", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0800", "name": "RHSA-2024:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0801", "name": "RHSA-2024:0801", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0804", "name": "RHSA-2024:0804", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1860", "name": "RHSA-2024:1860", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1861", "name": "RHSA-2024:1861", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1862", "name": "RHSA-2024:1862", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1864", "name": "RHSA-2024:1864", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1865", "name": "RHSA-2024:1865", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1866", "name": "RHSA-2024:1866", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1867", "name": "RHSA-2024:1867", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1868", "name": "RHSA-2024:1868", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6484", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423", "name": "RHBZ#2248423", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-12T14:33:06.444846Z", "id": "CVE-2023-6484", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T14:33:17.644Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0798", "name": "RHSA-2024:0798", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0799", "name": "RHSA-2024:0799", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0800", "name": "RHSA-2024:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0801", "name": "RHSA-2024:0801", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0804", "name": "RHSA-2024:0804", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1860", "name": "RHSA-2024:1860", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1861", "name": "RHSA-2024:1861", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1862", "name": "RHSA-2024:1862", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1864", "name": "RHSA-2024:1864", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1865", "name": "RHSA-2024:1865", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1866", "name": "RHSA-2024:1866", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1867", "name": "RHSA-2024:1867", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1868", "name": "RHSA-2024:1868", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6484", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423", "name": "RHBZ#2248423", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:28:21.872Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6484", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-12T14:33:06.444846Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T14:33:13.996Z"}}], "cna": {"title": "Keycloak: log injection during webauthn authentication or registration", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "22.0.9", "versionType": "semver"}, {"status": "affected", "version": "23.0.0", "lessThan": "23.0.5", "versionType": "semver"}], "packageName": "keycloak", "collectionURL": "https://www.keycloak.org/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:22::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "versions": [{"status": "unaffected", "version": "22.0.10-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:22::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "versions": [{"status": "unaffected", "version": "22-13", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:22::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 22", "versions": [{"status": "unaffected", "version": "22-16", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:22"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 22.0.10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "packageName": "rh-sso7-keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "versions": [{"status": "unaffected", "version": "0:18.0.12-1.redhat_00001.1.el7sso", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso7-keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "versions": [{"status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el7sso", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso7-keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:18.0.12-1.redhat_00001.1.el8sso", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso7-keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el8sso", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso7-keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:18.0.12-1.redhat_00001.1.el9sso", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso7-keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el9sso", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso7-keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.6-41", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso-7/sso76-openshift-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.6-46", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso-7/sso76-openshift-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.6-16", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso-7/sso7-rhel8-init-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.6-18", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso-7/sso7-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhosemc:1.0::el8"], "vendor": "Red Hat", "product": "RHEL-8 based Middleware Containers", "versions": [{"status": "unaffected", "version": "7.6.8-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-sso-7/sso7-rhel8-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7.6"], "vendor": "Red Hat", "product": "RHSSO 7.6.8", "packageName": "keycloak-rhel9-operator-bundle-container", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-11-06T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-12-04T00:00:00.000Z", "value": "Made public."}], "datePublic": "2023-12-04T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0798", "name": "RHSA-2024:0798", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0799", "name": "RHSA-2024:0799", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0800", "name": "RHSA-2024:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0801", "name": "RHSA-2024:0801", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0804", "name": "RHSA-2024:0804", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1860", "name": "RHSA-2024:1860", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1861", "name": "RHSA-2024:1861", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1862", "name": "RHSA-2024:1862", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1864", "name": "RHSA-2024:1864", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1865", "name": "RHSA-2024:1865", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1866", "name": "RHSA-2024:1866", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1867", "name": "RHSA-2024:1867", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1868", "name": "RHSA-2024:1868", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6484", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423", "name": "RHBZ#2248423", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-117", "description": "Improper Output Neutralization for Logs"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-02T22:14:50.304Z"}, "x_redhatCweChain": "CWE-117: Improper Output Neutralization for Logs"}}, "cveMetadata": {"cveId": "CVE-2023-6484", "state": "PUBLISHED", "dateUpdated": "2026-03-02T22:14:50.304Z", "dateReserved": "2023-12-04T10:48:43.809Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-04-25T15:58:18.169Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de inyecci\u00f3n de registros en Keycloak. Se puede inyectar una cadena de texto a trav\u00e9s del formulario de autenticaci\u00f3n cuando se utiliza el modo de autenticaci\u00f3n WebAuthn. Este problema puede tener un impacto menor en la integridad de los registros."}], "id": "CVE-2023-6484", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-04-25T16:15:09.743", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0798"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0799"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0800"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0801"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0804"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1860"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1861"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1862"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1864"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1865"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1866"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1867"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1868"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2023-6484"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0800"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0801"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1860"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1862"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1864"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1866"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1867"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2023-6484"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-117"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1867", "cpe": "cpe:/a:redhat:build_keycloak:22::el9", "package": "rhbk/keycloak-operator-bundle:22.0.10-1", "product_name": "Red Hat build of Keycloak 22", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1867", "cpe": "cpe:/a:redhat:build_keycloak:22::el9", "package": "rhbk/keycloak-rhel9:22-13", "product_name": "Red Hat build of Keycloak 22", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1867", "cpe": "cpe:/a:redhat:build_keycloak:22::el9", "package": "rhbk/keycloak-rhel9-operator:22-16", "product_name": "Red Hat build of Keycloak 22", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1868", "cpe": "cpe:/a:redhat:build_keycloak:22", "product_name": "Red Hat build of Keycloak 22.0.10", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:0804", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "package": "keycloak", "product_name": "Red Hat Single Sign-On 7", "release_date": "2024-02-13T00:00:00Z"}, {"advisory": "RHSA-2024:0798", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2024-02-13T00:00:00Z"}, {"advisory": "RHSA-2024:1860", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:0799", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2024-02-13T00:00:00Z"}, {"advisory": "RHSA-2024:1861", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:0800", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2024-02-13T00:00:00Z"}, {"advisory": "RHSA-2024:1862", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:0801", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso76-openshift-rhel8:7.6-41", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2024-02-13T00:00:00Z"}, {"advisory": "RHSA-2024:1864", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso76-openshift-rhel8:7.6-46", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1865", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso7-rhel8-init-container:7.6-16", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1865", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso7-rhel8-operator:7.6-18", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1865", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso7-rhel8-operator-bundle:7.6.8-2", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1866", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "package": "keycloak-rhel9-operator-bundle-container", "product_name": "RHSSO 7.6.8", "release_date": "2024-04-16T00:00:00Z"}], "bugzilla": {"description": "keycloak: Log Injection during WebAuthn authentication or registration", "id": "2248423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-117", "details": ["A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.", "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity."], "name": "CVE-2023-6484", "public_date": "2023-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6484\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6484"], "threat_severity": "Low"}