A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-25T15:58:47.204Z
Updated: 2024-06-04T17:17:10.747Z
Reserved: 2023-12-06T05:42:36.249Z
Link: CVE-2023-6544
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-25T16:15:10.097
Modified: 2024-04-25T17:24:59.967
Link: CVE-2023-6544
JSON object: View
Redhat Information
No data.
CWE