Security Advisory

CVE-2023-2422

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-04 10:59:30

Last updated 2024-08-02 06:19:15

Assigner redhat

State PUBLISHED

Description

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.

← Browse all CVEs View on cve.org ↗