A denial of service vulnerability was found in Keycloak where the number of attributes per object is not limited. By sending repeated HTTP requests, an attacker could cause resource exhaustion when the application sends back rows with long attribute values.
History
Tue, 10 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Tue, 10 Sep 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | threat_severity | threat_severity |
Tue, 10 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A denial of service vulnerability was found in Keycloak where the number of attributes per object is not limited. By sending repeated HTTP requests, an attacker could cause resource exhaustion when the application sends back rows with long attribute values. | |
Title | Keycloak: amount of attributes per object is not limited and it may lead to dos | |
First Time appeared | Redhat: Redhat jboss Enterprise Bpms Platform, Redhat jboss Fuse, Redhat mobile Application Platform, Redhat openshift Application Runtimes, Redhat red Hat Single Sign On | |
Weaknesses | CWE-231 | |
CPEs | cpe:/a:redhat:jboss_enterprise_bpms_platform:7, cpe:/a:redhat:jboss_fuse:7, cpe:/a:redhat:mobile_application_platform:4, cpe:/a:redhat:openshift_application_runtimes:1.0, cpe:/a:redhat:red_hat_single_sign_on:7 | |
Vendors & Products | Redhat: Redhat jboss Enterprise Bpms Platform, Redhat jboss Fuse, Redhat mobile Application Platform, Redhat openshift Application Runtimes, Redhat red Hat Single Sign On | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-10T16:15:32.639Z
Updated: 2024-09-17T08:14:53.292Z
Reserved: 2023-12-15T12:33:39.292Z
Link: CVE-2023-6841
Vulnrichment
Updated: 2024-09-10T18:56:08.476Z
NVD
Status: Awaiting Analysis
Published: 2024-09-10T17:15:15.170
Modified: 2024-09-10T17:43:14.410
Link: CVE-2023-6841