Lucene search
Redhat.comRH:CVE-2017-12160HistoryOct 17, 2017 - 7:49 p.m.
CVE-2017-12160
2017-10-1719:49:33
redhat.com
access.redhat.com
11
EPSS
0.002
Percentile
54.2%
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
Related
osv
osv
Keycloak Oauth Implementation Error
2022-05-13 01:23:16
github
github
Keycloak Oauth Implementation Error
2022-05-13 01:23:16
cve
cve
CVE-2017-12160
2017-10-26 17:29:00
cvelist
cvelist
CVE-2017-12160
2017-10-17 00:00:00
veracode
veracode
Reusable Refresh Tokens
2017-10-27 02:26:01
prion
prion
Authentication flaw
2017-10-26 17:29:00
nvd
nvd
CVE-2017-12160
2017-10-26 17:29:00
nessus
nessus
RHEL 6 : rh-sso7-keycloak (RHSA-2017:2904)
2017-10-19 00:00:00
RHEL 7 : rh-sso7-keycloak (RHSA-2017:2905)
2017-10-19 00:00:00
redhat
redhat
(RHSA-2017:2904) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:36
(RHSA-2017:2906) Moderate: Red Hat Single Sign-On security update
2017-10-17 19:41:35
(RHSA-2017:2905) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:56