Search for vulnerabilities
Vulnerability details: VCID-27u9-dnbz-m3cu
Vulnerability ID VCID-27u9-dnbz-m3cu
Aliases CVE-2023-6841
GHSA-w97f-w3hq-36g2
Summary Keycloak Denial of Service vulnerability A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited, an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. The issue is fixed in Keycloak 24 with the introduction of the User Profile feature.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-231 Improper Handling of Extra Values
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2023-6841
cvssv3.1 7.5 https://access.redhat.com/security/cve/CVE-2023-6841
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2023-6841
ssvc Track https://access.redhat.com/security/cve/CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2023-6841
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2254714
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2254714
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2254714
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2254714
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-w97f-w3hq-36g2
cvssv3.1 6.5 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
cvssv3.1 6.5 https://github.com/keycloak/keycloak/issues/32837
generic_textual HIGH https://github.com/keycloak/keycloak/issues/32837
cvssv3.1 6.5 https://github.com/keycloak/keycloak/releases/tag/24.0.0
generic_textual HIGH https://github.com/keycloak/keycloak/releases/tag/24.0.0
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-6841
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-6841
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json
https://access.redhat.com/security/cve/CVE-2023-6841
https://api.first.org/data/v1/epss?cve=CVE-2023-6841
https://bugzilla.redhat.com/show_bug.cgi?id=2254714
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/issues/32837
https://github.com/keycloak/keycloak/releases/tag/24.0.0
https://nvd.nist.gov/vuln/detail/CVE-2023-6841
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
cpe:/a:redhat:jboss_fuse:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
cpe:/a:redhat:mobile_application_platform:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:mobile_application_platform:4
cpe:/a:redhat:openshift_application_runtimes:1.0 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
cpe:/a:redhat:red_hat_single_sign_on:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
GHSA-w97f-w3hq-36g2 https://github.com/advisories/GHSA-w97f-w3hq-36g2
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2023-6841
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2023-6841
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/ Found at https://access.redhat.com/security/cve/CVE-2023-6841
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2254714
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2254714
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2254714
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/keycloak/keycloak
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/keycloak/keycloak/issues/32837
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/keycloak/keycloak/releases/tag/24.0.0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6841
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.50212
EPSS Score 0.00269
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:30:49.521914+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-w97f-w3hq-36g2/GHSA-w97f-w3hq-36g2.json 37.0.0