A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
Reserved 2023-02-02 | Published 2024-11-17 | Updated 2024-11-17 | Assigner redhat
Improper Check for Dropped Privileges
2023-02-02: Reported to Red Hat.
2024-04-16: Made public.
access.redhat.com/errata/RHSA-2024:1867 (RHSA-2024:1867)
access.redhat.com/errata/RHSA-2024:1868 (RHSA-2024:1868)
access.redhat.com/security/cve/CVE-2023-0657
bugzilla.redhat.com/show_bug.cgi?id=2166728 (RHBZ#2166728)