FKIE_CVE-2023-6717

Vulnerability from fkie_nvd - Published: 2024-04-25 16:15 - Updated: 2024-11-21 08:44
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
Summary
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1353
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1867
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1868
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2945
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:4057
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-6717
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2253952
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1867
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1868
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2945
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:4057
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-6717
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2253952
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en el registro del cliente SAML en Keycloak que podr\u00eda permitir a un administrador registrar URI de JavaScript maliciosos como URL de enlace POST (ACS) del servicio de consumidor de aserci\u00f3n, lo que plantea un riesgo de Cross-Site Scripting (XSS). Este problema puede permitir que un administrador malicioso en un dominio o un cliente con acceso de registro se dirija a usuarios en diferentes dominios o aplicaciones, ejecutando JavaScript arbitrario en sus contextos al enviar el formulario. Esto puede permitir acceso no autorizado y acciones da\u00f1inas, comprometiendo la confidencialidad, integridad y disponibilidad de la instancia de KC completa."
    }
  ],
  "id": "CVE-2023-6717",
  "lastModified": "2024-11-21T08:44:24.813",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.5,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-04-25T16:15:10.653",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1353"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1867"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1868"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2945"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:4057"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2023-6717"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:4057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/security/cve/CVE-2023-6717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.