{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19916?format=json","vulnerability_id":"VCID-7eps-984r-effr","summary":"Keycloak vulnerable to log injection during WebAuthn authentication or registration\nA flaw was found in Keycloak 22.0.5. Errors in the browser client during setup/auth with \"Security Key login\" (WebAuthn) are written into the form, sent to Keycloak, and logged without escaping, allowing log injection.\n\nAcknowledgements:\nSpecial thanks to Theresa Henze for reporting this issue and helping us improve our security.","aliases":[{"alias":"CVE-2023-6484"},{"alias":"GHSA-j628-q885-8gr5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68608?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/68609?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.5"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67000?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qmd-pmw8-g7fu"},{"vulnerability":"VCID-1vt4-atrk-7qet"},{"vulnerability":"VCID-2pkm-5t3t-rygs"},{"vulnerability":"VCID-3ese-6dfu-1bhe"},{"vulnerability":"VCID-3rdf-9pec-vua3"},{"vulnerability":"VCID-3xad-4hy6-dkcf"},{"vulnerability":"VCID-4x3a-6k9m-8qha"},{"vulnerability":"VCID-5w6u-h7mk-6qds"},{"vulnerability":"VCID-7eps-984r-effr"},{"vulnerability":"VCID-a1pj-tqgz-rkd7"},{"vulnerability":"VCID-sf7t-yy7r-1ugn"},{"vulnerability":"VCID-tbwr-jys1-9ber"},{"vulnerability":"VCID-zs3j-z2ys-kke5"}],"resource_url":"http://public2.vulnerablecode.io/pack
ages/pkg:maven/org.keycloak/keycloak-services@23.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/145306?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1?arch=el7sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4s27-duu4-9fge"},{"vulnerability":"VCID-7eps-984r-effr"},{"vulnerability":"VCID-9c3s-97uq-7bgt"},{"vulnerability":"VCID-fnjb-ewc9-7fhj"},{"vulnerability":"VCID-h24r-buj4-1uej"},{"vulnerability":"VCID-wb1u-mq5k-5khu"},{"vulnerability":"VCID-xq82-xtbe-z3da"},{"vulnerability":"VCID-xrzp-99us-8ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1%3Farch=el7sso"},{"url":"http://public2.vulnerablecode.io/api/packages/145301?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1?arch=el8sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4s27-duu4-9fge"},{"vulnerability":"VCID-7eps-984r-effr"},{"vulnerability":"VCID-9c3s-97uq-7bgt"},{"vulnerability":"VCID-fnjb-ewc9-7fhj"},{"vulnerability":"VCID-h24r-buj4-1uej"},{"vulnerability":"VCID-wb1u-mq5k-5khu"},{"vulnerability":"VCID-xq82-xtbe-z3da"},{"vulnerability":"VCID-xrzp-99us-8ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1%3Farch=el8sso"},{"url":"http://public2.vulnerablecode.io/api/packages/145295?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_00001.1?arch=el9sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4s27-duu4-9fge"},{"vulnerability":"VCID-7eps-984r-effr"},{"vulnerability":"VCID-9c3s-97uq-7bgt"},{"vulnerability":"VCID-fnjb-ewc9-7fhj"},{"vulnerability":"VCID-h24r-buj4-1uej"},{"vulnerability":"VCID-wb1u-mq5k-5khu"},{"vulnerability":"VCID-xq82-xtbe-z3da"},{"vulnerability":"VCID-xrzp-99us-8ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.12-1.redhat_0
0001.1%3Farch=el9sso"},{"url":"http://public2.vulnerablecode.io/api/packages/141415?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1?arch=el7sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vt4-atrk-7qet"},{"vulnerability":"VCID-4x3a-6k9m-8qha"},{"vulnerability":"VCID-5w6u-h7mk-6qds"},{"vulnerability":"VCID-7eps-984r-effr"},{"vulnerability":"VCID-9wb2-3w6f-wfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1%3Farch=el7sso"},{"url":"http://public2.vulnerablecode.io/api/packages/141413?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1?arch=el8sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vt4-atrk-7qet"},{"vulnerability":"VCID-4x3a-6k9m-8qha"},{"vulnerability":"VCID-5w6u-h7mk-6qds"},{"vulnerability":"VCID-7eps-984r-effr"},{"vulnerability":"VCID-9wb2-3w6f-wfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1%3Farch=el8sso"},{"url":"http://public2.vulnerablecode.io/api/packages/141414?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1?arch=el9sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vt4-atrk-7qet"},{"vulnerability":"VCID-4x3a-6k9m-8qha"},{"vulnerability":"VCID-5w6u-h7mk-6qds"},{"vulnerability":"VCID-7eps-984r-effr"},{"vulnerability":"VCID-9wb2-3w6f-wfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.13-1.redhat_00001.1%3Farch=el9sso"}],"references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0798","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0799","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0799"},{"refe
rence_url":"https://access.redhat.com/errata/RHSA-2024:0800","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0801","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0804","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0804"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1860","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1865","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6484.json",
"reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6484.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6484","reference_id":"","reference_type":"","scores":[{"value":"0.00596","scoring_system":"epss","scoring_elements":"0.697","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248423","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248423"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a"},{"reference_url":"https://github.com/keycloak/keycloak/issues/25078","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/issues/25078"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6484","reference_id":"CVE-2023-6484","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2023-6484"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6484","reference_id":"CVE-2023-6484","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6484"},{"reference_url":"https://github.com/advisories/GHSA-j628-q885-8gr5","reference
_id":"GHSA-j628-q885-8gr5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j628-q885-8gr5"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5","reference_id":"GHSA-j628-q885-8gr5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5"}],"weaknesses":[{"cwe_id":117,"name":"Improper Output Neutralization for Logs","description":"The product does not neutralize or incorrectly neutralizes output that is written to logs."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7eps-984r-effr"}