CVE-2023-6544

MEDIUM

Keycloak - Unauthorized Dynamic Client Registration via TrustedDomain Regex

Title source: manual
STIX 2.1

Description

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.

References (9)

Core 9
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1860
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1861
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1862
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1864
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1866
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1867
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1868
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-6544
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2253116

Scores

CVSS v3 5.4
EPSS 0.0131
EPSS Percentile 80.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-625
Status published
Products (10)
org.keycloak/keycloak-services 0 - 22.0.10Maven
Red Hat/Red Hat build of Keycloak 22 22-13
Red Hat/Red Hat build of Keycloak 22 22-16
Red Hat/Red Hat build of Keycloak 22 22.0.10-1
Red Hat/Red Hat build of Keycloak 22.0.10
Red Hat/Red Hat Single Sign-On 7.6 for RHEL 7 0:18.0.13-1.redhat_00001.1.el7sso
Red Hat/Red Hat Single Sign-On 7.6 for RHEL 8 0:18.0.13-1.redhat_00001.1.el8sso
Red Hat/Red Hat Single Sign-On 7.6 for RHEL 9 0:18.0.13-1.redhat_00001.1.el9sso
Red Hat/RHEL-8 based Middleware Containers 7.6-46
Red Hat/RHSSO 7.6.8
Published Apr 25, 2024
Tracked Since Feb 18, 2026