A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Redhat |
|
No data.
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat build of Keycloak 22 | |||
| rhbk/keycloak-operator-bundle:22.0.10-1 | cpe:/a:redhat:build_keycloak:22::el9 | RHSA-2024:1867 | 2024-04-16T00:00:00Z |
| rhbk/keycloak-rhel9:22-13 | cpe:/a:redhat:build_keycloak:22::el9 | RHSA-2024:1867 | 2024-04-16T00:00:00Z |
| rhbk/keycloak-rhel9-operator:22-16 | cpe:/a:redhat:build_keycloak:22::el9 | RHSA-2024:1867 | 2024-04-16T00:00:00Z |
| Red Hat build of Keycloak 22.0.10 | |||
| cpe:/a:redhat:build_keycloak:22 | RHSA-2024:1868 | 2024-04-16T00:00:00Z | |
| Red Hat Single Sign-On 7 | |||
| keycloak | cpe:/a:redhat:red_hat_single_sign_on:7.6 | RHSA-2024:0804 | 2024-02-13T00:00:00Z |
| Red Hat Single Sign-On 7.6 for RHEL 7 | |||
| rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 | RHSA-2024:0798 | 2024-02-13T00:00:00Z |
| rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 | RHSA-2024:1860 | 2024-04-16T00:00:00Z |
| Red Hat Single Sign-On 7.6 for RHEL 8 | |||
| rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 | RHSA-2024:0799 | 2024-02-13T00:00:00Z |
| rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 | RHSA-2024:1861 | 2024-04-16T00:00:00Z |
| Red Hat Single Sign-On 7.6 for RHEL 9 | |||
| rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 | RHSA-2024:0800 | 2024-02-13T00:00:00Z |
| rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso | cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 | RHSA-2024:1862 | 2024-04-16T00:00:00Z |
| RHEL-8 based Middleware Containers | |||
| rh-sso-7/sso76-openshift-rhel8:7.6-41 | cpe:/a:redhat:rhosemc:1.0::el8 | RHSA-2024:0801 | 2024-02-13T00:00:00Z |
| rh-sso-7/sso76-openshift-rhel8:7.6-46 | cpe:/a:redhat:rhosemc:1.0::el8 | RHSA-2024:1864 | 2024-04-16T00:00:00Z |
| rh-sso-7/sso7-rhel8-init-container:7.6-16 | cpe:/a:redhat:rhosemc:1.0::el8 | RHSA-2024:1865 | 2024-04-16T00:00:00Z |
| rh-sso-7/sso7-rhel8-operator:7.6-18 | cpe:/a:redhat:rhosemc:1.0::el8 | RHSA-2024:1865 | 2024-04-16T00:00:00Z |
| rh-sso-7/sso7-rhel8-operator-bundle:7.6.8-2 | cpe:/a:redhat:rhosemc:1.0::el8 | RHSA-2024:1865 | 2024-04-16T00:00:00Z |
| RHSSO 7.6.8 | |||
| keycloak-rhel9-operator-bundle-container | cpe:/a:redhat:red_hat_single_sign_on:7.6 | RHSA-2024:1866 | 2024-04-16T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-25T15:58:18.169Z
Updated: 2024-09-16T17:37:48.100Z
Reserved: 2023-12-04T10:48:43.809Z
Link: CVE-2023-6484
Vulnrichment
Updated: 2024-08-02T08:28:21.872Z
NVD
Status : Awaiting Analysis
Published: 2024-04-25T16:15:09.743
Modified: 2024-04-25T17:25:05.903
Link: CVE-2023-6484
Redhat