CVE-2023-6927
Keycloak: open redirect via "form_post.jwt" jarm response mode
CVSS Score
4.6
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
| CWE | CWE-601 |
| Vendor | red hat |
| Product | red hat build of keycloak 22 |
| Published | Dec 18, 2023 |
| Last Updated | Nov 11, 2025 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat build of keycloak 22
Be the first to know when new medium vulnerabilities affecting red hat red hat build of keycloak 22 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Red Hat / Red Hat build of Keycloak 22
All versions affected Red Hat / Red Hat build of Keycloak 22.0.8
All versions affected Red Hat / Red Hat Single Sign-On 7
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 7
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 7
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 8
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 8
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 9
All versions affected Red Hat / Red Hat Single Sign-On 7.6 for RHEL 9
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / Single Sign-On 7.6.6
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0094 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0095 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0096 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0097 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0098 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0100 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0101 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0798 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0799 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0800 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0801 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0804 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-6927 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2255027
Credits
Red Hat would like to thank Pontus Hanssen ([email protected]) for reporting this issue.