Commit

Merge pull request #5117 from Chetven/GHSA-9vm7-v8wj-3fqw
advisory-database[bot] authored Dec 26, 2024
2 parents c82dd2f + 7f30962 commit 1e0a33c
Showing 1 changed file with 4 additions and 2 deletions.
Expand Up @@ -3,7 +3,9 @@
"id": "GHSA-9vm7-v8wj-3fqw",
"modified": "2024-01-23T14:43:50Z",
"published": "2024-01-23T14:43:50Z",
"aliases": [],
"aliases": [
"CVE-2023-6927"
],
"summary": "keycloak-core: open redirect via \"form_post.jwt\" JARM response mode",
"details": "An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\". It is observed that changing the response_mode parameter in the original proof of concept from \"form_post\" to \"form_post.jwt\" can bypass the security patch implemented to address CVE-2023-6134.",
"severity": [],
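Review bot: the `modified` context line at the top of this hunk still reads `2024-01-23T14:43:50Z`, identical to `published`, while the change adding the `CVE-2023-6927` alias is dated Dec 26, 2024. Unless that field is refreshed elsewhere on merge, bump it here so consumers that sync on `modified` pick up the new alias. `severity` is also still `[]` on the last line of the hunk; if a CVSS vector is available for the CVE, adding it in the same change would keep the record consistent with the new alias.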
Expand Down Expand Up @@ -47,4 +49,4 @@
"github_reviewed_at": "2024-01-23T14:43:50Z",
"nvd_published_at": null
}
}
}
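Review bot: the closing `}` on the last line of the file is removed and re-added with no visible difference, so this hunk changes only whitespace or the end-of-file newline. Confirm that is intentional, or drop it so the diff is limited to the alias change. `nvd_published_at` is still `null` in the context lines above it; check whether it should be populated now that the record carries a CVE alias.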
