U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2023-6717

Change History

New CVE Received by NIST 4/25/2024 12:15:10 PM

Action Type Old Value New Value
Added CVSS V3.1

Red Hat, Inc. AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
Added CWE

Red Hat, Inc. CWE-79
Added Description

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
Added Reference

Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:1867 [No types assigned]
Added Reference

Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:1868 [No types assigned]
Added Reference

Red Hat, Inc. https://access.redhat.com/security/cve/CVE-2023-6717 [No types assigned]
Added Reference

Red Hat, Inc. https://bugzilla.redhat.com/show_bug.cgi?id=2253952 [No types assigned]