CVE-2023-6484 : A log injection flaw was found in Keycloak. A text string may be injected throug

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.

Published 2024-04-25 16:15:10

Updated 2024-04-25 17:25:06

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2023-6484

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-6484

EPSS FAQ

1.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-6484

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	3.9	1.4	Red Hat, Inc.	2024-04-25
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	N/A	N/A	RedHat-CVE-2023-6484
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2023-6484

CWE-117 Improper Output Neutralization for Logs

The product does not neutralize or incorrectly neutralizes output that is written to logs.

Assigned by: secalert@redhat.com (Primary)

References for CVE-2023-6484

https://bugzilla.redhat.com/show_bug.cgi?id=2248423

2248423 – (CVE-2023-6484) CVE-2023-6484 keycloak: Log Injection during WebAuthn authentication or registration
https://access.redhat.com/errata/RHSA-2024:0804

RHSA-2024:0804 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2024:0801

RHSA-2024:0801 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2024:1861

RHSA-2024:1861 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2024:1864

RHSA-2024:1864 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2024:1867

RHSA-2024:1867 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2024:1860

RHSA-2024:1860 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2024:0798

RHSA-2024:0798 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2024:1866

RHSA-2024:1866 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2024:1865

RHSA-2024:1865 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2024:1868

RHSA-2024:1868 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2024:0799

RHSA-2024:0799 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2024:0800

RHSA-2024:0800 - Security Advisory - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2023-6484

CVE-2023-6484- Red Hat Customer Portal
https://access.redhat.com/errata/RHSA-2024:1862

RHSA-2024:1862 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-6484

Products affected by CVE-2023-6484

Exploit prediction scoring system (EPSS) score for CVE-2023-6484

CVSS scores for CVE-2023-6484

CWE ids for CVE-2023-6484

References for CVE-2023-6484