Solution
No solution given by the vendor.
Workaround
This CVE is mitigated by the 'User Profile' functionality, which was introduced in Keycloak 24. This feature introduces additional validation which prevents this vulnerability from being exploited.
Tue, 01 Oct 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
ssvc
|
Tue, 01 Oct 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Mon, 23 Sep 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat keycloak
Redhat single Sign-on |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Redhat keycloak
Redhat single Sign-on |
Tue, 10 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Sep 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Tue, 10 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A denial of service vulnerability was found in Keycloak where the amount of attributes per object is not limited. An attacker, by sending repeated HTTP requests, could cause resource exhaustion when the application sends back rows with long attribute values. | |
Title | Keycloak: amount of attributes per object is not limited and it may lead to DoS | |
First Time appeared |
Redhat
Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat mobile Application Platform Redhat openshift Application Runtimes Redhat red Hat Single Sign On |
|
Weaknesses | CWE-231 | |
CPEs | cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:mobile_application_platform:4 cpe:/a:redhat:openshift_application_runtimes:1.0 cpe:/a:redhat:red_hat_single_sign_on:7 |
|
Vendors & Products |
Redhat
Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat mobile Application Platform Redhat openshift Application Runtimes Redhat red Hat Single Sign On |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-09-18T17:25:03.462Z
Reserved: 2023-12-15T12:33:39.292Z
Link: CVE-2023-6841

Updated: 2024-09-10T18:56:08.476Z

Status : Modified
Published: 2024-09-10T17:15:15.170
Modified: 2024-10-01T14:15:05.207
Link: CVE-2023-6841

