CVE-2023-6717 - Vulnerability Details

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00088.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Amq Broker Build Keycloak Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Bpms Platform Jboss Enterprise Brms Platform Jboss Fuse Jbosseapxp Migration Toolkit Applications Openshift Gitops Openshift Serverless Quarkus Red Hat Single Sign On Rhdh Service Registry

No data.

Package	CPE	Advisory	Released Date
Red Hat AMQ Broker 7
keycloak	cpe:/a:redhat:amq_broker:7.12	RHSA-2024:2945	2024-05-21T00:00:00Z
Red Hat build of Keycloak 22
rhbk/keycloak-operator-bundle:22.0.10-1	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:1867	2024-04-16T00:00:00Z
rhbk/keycloak-rhel9:22-13	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:1867	2024-04-16T00:00:00Z
rhbk/keycloak-rhel9-operator:22-16	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:1867	2024-04-16T00:00:00Z
Red Hat build of Keycloak 22.0.10
keycloak	cpe:/a:redhat:build_keycloak:22	RHSA-2024:1868	2024-04-16T00:00:00Z
RHOSS-1.33-RHEL-8
openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-data-index-postgresql-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-operator-bundle:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-rhel8-operator:1.33.0-3	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-swf-builder-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-swf-devmode-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
RHPAM 7.13.5 async
	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13	RHSA-2024:1353	2024-03-18T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-1164	A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
Github GHSA	GHSA-8rmm-gm28-pj8q	Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:1353
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/errata/RHSA-2024:2945
https://access.redhat.com/errata/RHSA-2024:4057
https://access.redhat.com/security/cve/CVE-2023-6717
https://bugzilla.redhat.com/show_bug.cgi?id=2253952
https://nvd.nist.gov/vuln/detail/CVE-2023-6717
https://www.cve.org/CVERecord?id=CVE-2023-6717

History

Thu, 19 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 19:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2024:1353

Thu, 29 Aug 2024 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-25T16:02:03.267Z

Updated: 2025-11-07T20:40:22.228Z

Reserved: 2023-12-12T07:30:43.924Z

Link: CVE-2023-6717

Vulnrichment

Updated: 2024-08-02T08:35:14.887Z

NVD

Status : Awaiting Analysis

Published: 2024-04-25T16:15:10.653

Modified: 2024-11-21T08:44:24.813

Link: CVE-2023-6717

Redhat

Severity : Moderate

Publid Date: 2024-04-16T00:00:00Z

Links: CVE-2023-6717 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object