CVE-2023-6134

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:7854	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7855	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7856	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7857	Exploit Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7858	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7860	Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7861	Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:0798
https://access.redhat.com/errata/RHSA-2024:0799
https://access.redhat.com/errata/RHSA-2024:0800
https://access.redhat.com/errata/RHSA-2024:0801
https://access.redhat.com/errata/RHSA-2024:0804
https://access.redhat.com/security/cve/CVE-2023-6134	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2249673	Issue Tracking

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 2 (hide)

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*

History

14 Feb 2024, 03:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0798 - () https://access.redhat.com/errata/RHSA-2024:0799 - () https://access.redhat.com/errata/RHSA-2024:0800 - () https://access.redhat.com/errata/RHSA-2024:0801 - () https://access.redhat.com/errata/RHSA-2024:0804 -

02 Feb 2024, 16:18

Type	Values Removed	Values Added
First Time		Redhat enterprise Linux Redhat openshift Container Platform For Power Redhat openshift Container Platform Ibm Z Systems Redhat openshift Container Platform
CWE	~~CWE-74~~
References	~~() https://access.redhat.com/errata/RHSA-2023:7857 - Vendor Advisory~~	() https://access.redhat.com/errata/RHSA-2023:7857 - Exploit, Vendor Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.11:::::::* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:::::::* cpe:2.3:a:redhat:single_sign-on:-::::text-only::: cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:::::::*

29 Dec 2023, 05:15

Type	Values Removed	Values Added
CWE	~~CWE-75~~

20 Dec 2023, 20:29

Type	Values Removed	Values Added
First Time		Redhat keycloak Redhat single Sign-on Redhat
CWE		CWE-79 CWE-74
CVSS	v2 : ~~unknown~~ v3 : ~~4.6~~	v2 : unknown v3 : 5.4
CPE		cpe:2.3:a:redhat:keycloak:::::::: cpe:2.3:a:redhat:single_sign-on::::::::
Summary		(es) Se encontró una falla en Keycloak que impide ciertos esquemas en las redirecciones, pero los permite si se agrega un comodín al token. Este problema podría permitir que un atacante envíe una solicitud especialmente manipulada que dé lugar a cross-site scripting (XSS) o más ataques. Esta falla es el resultado de una solución incompleta para CVE-2020-10748.
References	~~() https://access.redhat.com/errata/RHSA-2023:7854 -~~	() https://access.redhat.com/errata/RHSA-2023:7854 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7855 -~~	() https://access.redhat.com/errata/RHSA-2023:7855 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7856 -~~	() https://access.redhat.com/errata/RHSA-2023:7856 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7857 -~~	() https://access.redhat.com/errata/RHSA-2023:7857 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7858 -~~	() https://access.redhat.com/errata/RHSA-2023:7858 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7860 -~~	() https://access.redhat.com/errata/RHSA-2023:7860 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7861 -~~	() https://access.redhat.com/errata/RHSA-2023:7861 - Vendor Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2023-6134 -~~	() https://access.redhat.com/security/cve/CVE-2023-6134 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2249673 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2249673 - Issue Tracking

14 Dec 2023, 22:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-14 22:15

Updated : 2024-02-14 03:15

NVD link : CVE-2023-6134

Mitre link : CVE-2023-6134

CVE.ORG link : CVE-2023-6134

JSON object : View

Products Affected

redhat

single_sign-on
enterprise_linux
keycloak
openshift_container_platform_ibm_z_systems
openshift_container_platform
openshift_container_platform_for_power

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

JSON object

Attach tags to CVE-2023-6134

5.4^/10

Attach tags to `CVE-2023-6134`