A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.
Fixes

Solution

No solution given by the vendor.


Workaround

No mitigation is currently available for this flaw.

History

Sun, 24 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-07T11:11:58.818Z

Reserved: 2023-12-06T05:42:36.249Z

Link: CVE-2023-6544

cve-icon Vulnrichment

Updated: 2024-08-02T08:35:14.454Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-25T16:15:10.097

Modified: 2024-11-21T08:44:03.880

Link: CVE-2023-6544

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-04-16T00:00:00Z

Links: CVE-2023-6544 - Bugzilla

cve-icon OpenCVE Enrichment

No data.