CVE-2023-2422

CVE-2023-2422

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.

Source: CVE-2023-2422

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다