CVE-2023-6484
Keycloak: log injection during webauthn authentication or registration
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact on the integrity of the logs.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
keycloak
Red Hat · Red Hat build of Keycloak 22
Red Hat · Red Hat build of Keycloak 22.0.10
Red Hat · Red Hat Single Sign-On 7
Red Hat · Red Hat Single Sign-On 7.6 for RHEL 7
Red Hat · Red Hat Single Sign-On 7.6 for RHEL 8
Red Hat · Red Hat Single Sign-On 7.6 for RHEL 9
Red Hat · RHEL-8 based Middleware Containers
Red Hat · RHSSO 7.6.8
References
https://access.redhat.com/errata/RHSA-2024:0798
https://access.redhat.com/errata/RHSA-2024:0799
https://access.redhat.com/errata/RHSA-2024:0800
https://access.redhat.com/errata/RHSA-2024:0801
https://access.redhat.com/errata/RHSA-2024:0804
https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1865
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867