A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-6841 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2254714 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Sep 2024, 15:19
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
First Time |
Redhat
Redhat single Sign-on Redhat keycloak |
|
References | () https://access.redhat.com/security/cve/CVE-2023-6841 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2254714 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
Summary |
|
|
CPE | cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* |
10 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-10 17:15
Updated : 2024-10-01 14:15
NVD link : CVE-2023-6841
Mitre link : CVE-2023-6841
CVE.ORG link : CVE-2023-6841
JSON object : View
Products Affected
redhat
- single_sign-on
- keycloak
CWE