CVE-2023-0264
MEDIUM
Keycloak - Privilege Escalation
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
Exploits (1)
Scores
CVSS v3
5.0
EPSS
0.0405
EPSS Percentile
88.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-287
Status
published
Products (10)
org.keycloak/keycloak-services
0 - 21.0.1 (Maven)
redhat/keycloak
< 18.0.6
redhat/openshift_container_platform
4.9
redhat/openshift_container_platform
4.10
redhat/openshift_container_platform_for_ibm_linuxone
4.9
redhat/openshift_container_platform_for_ibm_linuxone
4.10
redhat/openshift_container_platform_ibm_z_systems
4.9
redhat/openshift_container_platform_ibm_z_systems
4.10
redhat/single_sign-on
redhat/single_sign-on
< 7.6.2
Published
Aug 04, 2023
Tracked Since
Feb 18, 2026