A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.keycloak:keycloak-services(Maven) | 0 | 21.0.1 | N/A |
CVSS Metrics
