A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00394.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Redhat
  • Build Keycloak
  • Red Hat Single Sign On
  • Rhosemc

No data.

Package CPE Advisory Released Date
Red Hat build of Keycloak 22
rhbk/keycloak-operator-bundle:22.0.10-1 cpe:/a:redhat:build_keycloak:22::el9 RHSA-2024:1867 2024-04-16T00:00:00Z
rhbk/keycloak-rhel9:22-13 cpe:/a:redhat:build_keycloak:22::el9 RHSA-2024:1867 2024-04-16T00:00:00Z
rhbk/keycloak-rhel9-operator:22-16 cpe:/a:redhat:build_keycloak:22::el9 RHSA-2024:1867 2024-04-16T00:00:00Z
Red Hat build of Keycloak 22.0.10
cpe:/a:redhat:build_keycloak:22 RHSA-2024:1868 2024-04-16T00:00:00Z
Red Hat Single Sign-On 7
keycloak cpe:/a:redhat:red_hat_single_sign_on:7.6 RHSA-2024:0804 2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 RHSA-2024:0798 2024-02-13T00:00:00Z
rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el7sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 RHSA-2024:1860 2024-04-16T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 RHSA-2024:0799 2024-02-13T00:00:00Z
rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el8sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 RHSA-2024:1861 2024-04-16T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 RHSA-2024:0800 2024-02-13T00:00:00Z
rh-sso7-keycloak-0:18.0.13-1.redhat_00001.1.el9sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 RHSA-2024:1862 2024-04-16T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-41 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2024:0801 2024-02-13T00:00:00Z
rh-sso-7/sso76-openshift-rhel8:7.6-46 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2024:1864 2024-04-16T00:00:00Z
rh-sso-7/sso7-rhel8-init-container:7.6-16 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2024:1865 2024-04-16T00:00:00Z
rh-sso-7/sso7-rhel8-operator:7.6-18 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2024:1865 2024-04-16T00:00:00Z
rh-sso-7/sso7-rhel8-operator-bundle:7.6.8-2 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2024:1865 2024-04-16T00:00:00Z
RHSSO 7.6.8
keycloak-rhel9-operator-bundle-container cpe:/a:redhat:red_hat_single_sign_on:7.6 RHSA-2024:1866 2024-04-16T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-1229 A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
Github GHSA Github GHSA GHSA-j628-q885-8gr5 Keycloak vulnerable to log Injection during WebAuthn authentication or registration
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://access.redhat.com/errata/RHSA-2024:0798 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0799 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0800 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0801 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0804 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1860 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1861 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1862 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1864 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1865 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1866 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1867 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1868 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-6484 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2248423 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-6484 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-6484 cve-icon
History

Sun, 24 Nov 2024 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-12T20:09:35.522Z

Reserved: 2023-12-04T10:48:43.809Z

Link: CVE-2023-6484

cve-icon Vulnrichment

Updated: 2024-08-02T08:28:21.872Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-25T16:15:09.743

Modified: 2024-11-21T08:43:56.590

Link: CVE-2023-6484

cve-icon Redhat

Severity : Low

Publid Date: 2023-12-04T00:00:00Z

Links: CVE-2023-6484 - Bugzilla

cve-icon OpenCVE Enrichment

No data.