CVE-2023-3597

{"id": "CVE-2023-3597", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.6}]}, "published": "2024-04-25T13:15:50.523", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1866", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1867", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1868", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-3597", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221760", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1867", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1868", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-3597", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221760", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Keycloak, donde no valida correctamente la autenticaci\u00f3n incremental de su cliente en org.keycloak.authentication. Esta falla permite que un usuario remoto autenticado con una contrase\u00f1a registre un segundo factor de autenticaci\u00f3n falso junto con uno existente y omita la autenticaci\u00f3n."}], "lastModified": "2024-11-21T08:17:38.007", "sourceIdentifier": "secalert@redhat.com"}