CVE-2023-6841
HIGHKeycloak < 24.0.0 - Denial of Service via Unlimited Attribute Values
Title source: llmDescription
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.
References (2)
Core 2
Core References
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-6841
Issue Tracking, Vendor Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2254714
Scores
CVSS v3
7.5
EPSS
0.0061
EPSS Percentile
70.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-231
Status
published
Products (3)
org.keycloak/keycloak-core
0 - 24.0.0Maven
redhat/keycloak
redhat/single_sign-on
7.0
Published
Sep 10, 2024
Tracked Since
Feb 18, 2026