CVE-2023-0657

LOW Year: 2023
CVSS v3 Score
3.4
Low
Weakness Type
CWE-273
View all →

Vulnerability Description

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

Related Vulnerabilities

CVE-2021-37839

MEDIUM
CVSS:4.3(Medium)

Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.

CWE-2732021

CVE-2023-52433

MEDIUM
CVSS:4.4(Medium)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before s...

CWE-2732023

CVE-2021-47129

MEDIUM
CVSS:4.6(Medium)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: skip expectations for confirmed conntrack nft_ct_expect_obj_eval() calls nf_ct_ext_add() for a confirmed conntrac...

CWE-2732021

CVE-2011-2921

CRITICAL
CVSS:9.8(Critical)

ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.

CWE-2732011

CVE-2011-3350

CRITICAL
CVSS:9.8(Critical)

masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.

CWE-2732011

CVE-2012-1187

CRITICAL
CVSS:9.8(Critical)

Bitlbee does not drop extra group privileges correctly in unix.c

CWE-2732012