CVE-2023-6717 - Vulnerability Details

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00088.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

unaffected

Version	Status	Constraints
`0`	affected	< 22.0.10
`24.0.0`	affected	< 24.0.3

Red Hat Red Hat AMQ Broker 7 unaffected —

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22.0.10-1`	unaffected	< *

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22-13`	unaffected	< *

Red Hat

Red Hat build of Keycloak 22

affected

Version	Status	Constraints
`22-16`	unaffected	< *

Red Hat Red Hat build of Keycloak 22.0.10 unaffected —

Red Hat

RHOSS-1.33-RHEL-8

affected

Version	Status	Constraints
`1.33.0-5`	unaffected	< *

Red Hat

RHOSS-1.33-RHEL-8

affected

Version	Status	Constraints
`1.33.0-5`	unaffected	< *

Red Hat

RHOSS-1.33-RHEL-8

affected

Version	Status	Constraints
`1.33.0-5`	unaffected	< *

Red Hat

RHOSS-1.33-RHEL-8

affected

Version	Status	Constraints
`1.33.0-5`	unaffected	< *

Red Hat

RHOSS-1.33-RHEL-8

affected

Version	Status	Constraints
`1.33.0-5`	unaffected	< *

Red Hat

RHOSS-1.33-RHEL-8

affected

Version	Status	Constraints
`1.33.0-5`	unaffected	< *

Red Hat

RHOSS-1.33-RHEL-8

affected

Version	Status	Constraints
`1.33.0-3`	unaffected	< *

Red Hat

RHOSS-1.33-RHEL-8

affected

Version	Status	Constraints
`1.33.0-5`	unaffected	< *

Red Hat

RHOSS-1.33-RHEL-8

affected

Version	Status	Constraints
`1.33.0-5`	unaffected	< *

Red Hat RHPAM 7.13.5 async unaffected —

Red Hat Migration Toolkit for Applications 6 affected —

Red Hat Migration Toolkit for Applications 7 unaffected —

Red Hat Red Hat build of Apicurio Registry 2 affected —

Red Hat Red Hat build of Quarkus unaffected —

Red Hat Red Hat Data Grid 8 affected —

Red Hat Red Hat Decision Manager 7 affected —

Red Hat Red Hat Developer Hub unaffected —

Red Hat Red Hat Fuse 7 affected —

Red Hat Red Hat JBoss Data Grid 7 affected —

Red Hat Red Hat JBoss Enterprise Application Platform 6 unknown —

Red Hat Red Hat JBoss Enterprise Application Platform 7 unaffected —

Red Hat Red Hat JBoss Enterprise Application Platform 8 unaffected —

Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack unaffected —

Red Hat Red Hat OpenShift GitOps affected —

Red Hat Red Hat Process Automation 7 affected —

Red Hat Red Hat Single Sign-On 7 affected —

No data.

Package	CPE	Advisory	Released Date
Red Hat AMQ Broker 7
keycloak	cpe:/a:redhat:amq_broker:7.12	RHSA-2024:2945	2024-05-21T00:00:00Z
Red Hat build of Keycloak 22
rhbk/keycloak-operator-bundle:22.0.10-1	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:1867	2024-04-16T00:00:00Z
rhbk/keycloak-rhel9:22-13	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:1867	2024-04-16T00:00:00Z
rhbk/keycloak-rhel9-operator:22-16	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:1867	2024-04-16T00:00:00Z
Red Hat build of Keycloak 22.0.10
keycloak	cpe:/a:redhat:build_keycloak:22	RHSA-2024:1868	2024-04-16T00:00:00Z
RHOSS-1.33-RHEL-8
openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-data-index-postgresql-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-operator-bundle:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-rhel8-operator:1.33.0-3	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-swf-builder-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
openshift-serverless-1/logic-swf-devmode-rhel8:1.33.0-5	cpe:/a:redhat:openshift_serverless:1.33::el8	RHSA-2024:4057	2024-06-24T00:00:00Z
RHPAM 7.13.5 async
	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13	RHSA-2024:1353	2024-03-18T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Redhat Subscribe	Amq Broker Subscribe Build Keycloak Subscribe Jboss Data Grid Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Bpms Platform Subscribe Jboss Enterprise Brms Platform Subscribe Jboss Fuse Subscribe Jbosseapxp Subscribe Migration Toolkit Applications Subscribe Openshift Gitops Subscribe Openshift Serverless Subscribe Quarkus Subscribe Red Hat Single Sign On Subscribe Rhdh Subscribe Service Registry Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-1164	A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
Github GHSA	GHSA-8rmm-gm28-pj8q	Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:1353
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/errata/RHSA-2024:2945
https://access.redhat.com/errata/RHSA-2024:4057
https://access.redhat.com/security/cve/CVE-2023-6717
https://bugzilla.redhat.com/show_bug.cgi?id=2253952
https://nvd.nist.gov/vuln/detail/CVE-2023-6717
https://www.cve.org/CVERecord?id=CVE-2023-6717

History

Thu, 19 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 19:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2024:1353

Thu, 29 Aug 2024 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-25T16:02:03.267Z

Updated: 2026-01-03T12:05:05.207Z

Reserved: 2023-12-12T07:30:43.924Z

Link: CVE-2023-6717

Vulnrichment

Updated: 2024-08-02T08:35:14.887Z

NVD

Status : Awaiting Analysis

Published: 2024-04-25T16:15:10.653

Modified: 2024-11-21T08:44:24.813

Link: CVE-2023-6717

Redhat

Severity : Moderate

Publid Date: 2024-04-16T00:00:00Z

Links: CVE-2023-6717 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object