Log injection in Keycloak



| Updated: 2024-04-17
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-6484
CWE-ID CWE-117
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Keycloak
Server applications / Directory software, identity management

Vendor Keycloak

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper Output Neutralization for Logs

EUVDB-ID: #VU86549

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-6484

CWE-ID: CWE-117 - Improper Output Neutralization for Logs

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data in log files.

The vulnerability exists due to improper input validation during WebAuthn authentication or registration. A remote attacker can manipulate data in log files when using the WebAuthn authentication mode.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Keycloak: 22.0.0 - 23.0.4

CPE2.3 External links

https://bugzilla.redhat.com/show_bug.cgi?id=2248423
https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5
https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###