Lucene search
GoogleOSV:GHSA-QC72-GFVW-76H7HistoryMay 13, 2022 - 1:23 a.m.
Keycloak Oauth Implementation Error
2022-05-1301:23:16
Google
osv.dev
11
keycloak
oauth
implementation
error
authentication
server
indefinite usage
permission revocation
attacker
compromised resource
further attacks
EPSS
0.002
Percentile
54.2%
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
Related
cve
cve
CVE-2017-12160
2017-10-26 17:29:00
github
github
Keycloak Oauth Implementation Error
2022-05-13 01:23:16
cvelist
cvelist
CVE-2017-12160
2017-10-17 00:00:00
redhatcve
redhatcve
CVE-2017-12160
2017-10-17 19:49:33
nvd
nvd
CVE-2017-12160
2017-10-26 17:29:00
prion
prion
Authentication flaw
2017-10-26 17:29:00
veracode
veracode
Reusable Refresh Tokens
2017-10-27 02:26:01
nessus
nessus
RHEL 6 : rh-sso7-keycloak (RHSA-2017:2904)
2017-10-19 00:00:00
RHEL 7 : rh-sso7-keycloak (RHSA-2017:2905)
2017-10-19 00:00:00
redhat
redhat
(RHSA-2017:2904) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:36
(RHSA-2017:2906) Moderate: Red Hat Single Sign-On security update
2017-10-17 19:41:35
(RHSA-2017:2905) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:56