CVE-2023-6927 - Vulnerability Details

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00563.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Build Keycloak Keycloak Red Hat Single Sign On Rhosemc Single Sign-on

Configuration 1 [-]

cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat build of Keycloak 22
rhbk/keycloak-rhel9:22-7	cpe:/a:redhat:build_keycloak:22::el9	RHSA-2024:0100	2024-01-09T00:00:00Z
Red Hat build of Keycloak 22.0.8
keycloak-core	cpe:/a:redhat:build_keycloak:22	RHSA-2024:0101	2024-01-09T00:00:00Z
Red Hat Single Sign-On 7
keycloak-core	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2024:0804	2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.11-3.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2024:0094	2024-01-09T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2024:0798	2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.11-3.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2024:0095	2024-01-09T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2024:0799	2024-02-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.11-3.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2024:0096	2024-01-09T00:00:00Z
rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2024:0800	2024-02-13T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-39	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:0097	2024-01-09T00:00:00Z
rh-sso-7/sso76-openshift-rhel8:7.6-41	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2024:0801	2024-02-13T00:00:00Z
Single Sign-On 7.6.6
keycloak-core	cpe:/a:redhat:red_hat_single_sign_on:7.6.6	RHSA-2024:0098	2024-01-09T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-0318	A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
Github GHSA	GHSA-9vm7-v8wj-3fqw	keycloak-core: open redirect via "form_post.jwt" JARM response mode

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:0094
https://access.redhat.com/errata/RHSA-2024:0095
https://access.redhat.com/errata/RHSA-2024:0096
https://access.redhat.com/errata/RHSA-2024:0097
https://access.redhat.com/errata/RHSA-2024:0098
https://access.redhat.com/errata/RHSA-2024:0100
https://access.redhat.com/errata/RHSA-2024:0101
https://access.redhat.com/errata/RHSA-2024:0798
https://access.redhat.com/errata/RHSA-2024:0799
https://access.redhat.com/errata/RHSA-2024:0800
https://access.redhat.com/errata/RHSA-2024:0801
https://access.redhat.com/errata/RHSA-2024:0804
https://access.redhat.com/security/cve/CVE-2023-6927
https://bugzilla.redhat.com/show_bug.cgi?id=2255027
https://nvd.nist.gov/vuln/detail/CVE-2023-6927
https://www.cve.org/CVERecord?id=CVE-2023-6927

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-18T22:59:07.495Z

Updated: 2025-10-09T23:59:58.241Z

Reserved: 2023-12-18T15:44:40.245Z

Link: CVE-2023-6927

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-18T23:15:10.027

Modified: 2024-11-21T08:44:51.110

Link: CVE-2023-6927

Redhat

Severity : Moderate

Publid Date: 2023-12-18T00:00:00Z

Links: CVE-2023-6927 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object