CVE-2023-6544

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
redhatCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/security/cve/CVE-2023-6544
https://bugzilla.redhat.com/show_bug.cgi?id=2253116
https://access.redhat.com/errata/RHSA-2024:1860
https://access.redhat.com/errata/RHSA-2024:1861
https://access.redhat.com/errata/RHSA-2024:1862
https://access.redhat.com/errata/RHSA-2024:1864
https://access.redhat.com/errata/RHSA-2024:1866
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/security/cve/CVE-2023-6544
https://bugzilla.redhat.com/show_bug.cgi?id=2253116