CVE-2023-6484
Keycloak: log injection during webauthn authentication or registration
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Productos afectados
keycloakRed Hat · Red Hat build of Keycloak 22Red Hat · Red Hat build of Keycloak 22.0.10Red Hat · Red Hat Single Sign-On 7Red Hat · Red Hat Single Sign-On 7.6 for RHEL 7Red Hat · Red Hat Single Sign-On 7.6 for RHEL 8Red Hat · Red Hat Single Sign-On 7.6 for RHEL 9Red Hat · RHEL-8 based Middleware ContainersRed Hat · RHSSO 7.6.8¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2024:0798https://access.redhat.com/errata/RHSA-2024:0799https://access.redhat.com/errata/RHSA-2024:0800https://access.redhat.com/errata/RHSA-2024:0801https://access.redhat.com/errata/RHSA-2024:0804https://access.redhat.com/errata/RHSA-2024:1860https://access.redhat.com/errata/RHSA-2024:1861https://access.redhat.com/errata/RHSA-2024:1862https://access.redhat.com/errata/RHSA-2024:1864https://access.redhat.com/errata/RHSA-2024:1865https://access.redhat.com/errata/RHSA-2024:1866https://access.redhat.com/errata/RHSA-2024:1867