Vulnerability details: VCID-6qny-hky9-9kge
Vulnerability ID VCID-6qny-hky9-9kge
Aliases CVE-2023-1664
GHSA-5cc8-pgp5-7mpm
Summary Keycloak Untrusted Certificate Validation vulnerability. A flaw was found in keycloak-core. It concerns the X509 Client Certificate Authenticator when the option "Revalidate Client Certificate" is enabled. A user who connects directly to Keycloak (not through a reverse proxy) can present a client certificate of their choosing. If KC_SPI_TRUSTSTORE_FILE_FILE is misconfigured so that the truststore cannot be loaded, the authenticator still accepts the certificate: it logs "Cannot validate client certificate trust: Truststore not available" and proceeds, because there is no truststore to validate the certificate against. The revalidation step therefore fails open instead of failing closed.
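The condition described above can be checked from the operator's side: is revalidation turned on, does the truststore path actually resolve, and has the server already logged the warning that marks a request accepted without chain validation. The following audit helper is an added example and not Keycloak code. It assumes, hypothetically, that the server environment is available as a dict, that the X509 authenticator's config map (from a realm or flow export) is available as a dict, and that recent server log lines are available as strings; the env var name and the warning text are the ones quoted in the advisory, while REVALIDATE_KEY and the sample log lines are assumptions constructed for the example.

```python
"""Audit a Keycloak deployment for the fail-open condition behind CVE-2023-1664.

Added example; this is not Keycloak code. Assumptions (hypothetical): the
server environment is available as a dict, the X509 authenticator's config
map (from a realm/flow export) as a dict, and recent server log lines as
strings. The env var name and the warning text are the ones quoted in the
advisory; REVALIDATE_KEY and the sample log lines are constructed.
"""
import os
from dataclasses import dataclass
from typing import Callable, Iterable

TRUSTSTORE_ENV = "KC_SPI_TRUSTSTORE_FILE_FILE"

# Warning quoted in the advisory. On an unpatched server it is emitted and the
# certificate is then accepted without any chain validation.
TRUSTSTORE_MISSING_MSG = "Cannot validate client certificate trust: Truststore not available"

# Assumed key for the "Revalidate Client Certificate" switch in an exported
# authenticator config; check it against your own export before relying on it.
REVALIDATE_KEY = "x509-cert-auth.revalidate-certificate-enabled"


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" means the fail-open path is reachable
    detail: str


def revalidation_enabled(authenticator_config: dict) -> bool:
    """True when the authenticator is set to revalidate the client chain itself."""
    return str(authenticator_config.get(REVALIDATE_KEY, "false")).strip().lower() == "true"


def audit_truststore_env(env: dict, exists: Callable[[str], bool] = os.path.isfile) -> list[Finding]:
    """Revalidation is only meaningful if the truststore it validates against loads."""
    path = env.get(TRUSTSTORE_ENV, "").strip()
    if not path:
        return [Finding("high", f"{TRUSTSTORE_ENV} is unset: revalidation has no trust anchors")]
    if not exists(path):
        return [Finding("high", f"{TRUSTSTORE_ENV}={path!r} is not a readable file")]
    return [Finding("info", f"truststore configured at {path!r}")]


def scan_log(lines: Iterable[str]) -> list[Finding]:
    """Each occurrence of the warning is a request that skipped trust validation."""
    hits = [line.rstrip() for line in lines if TRUSTSTORE_MISSING_MSG in line]
    if not hits:
        return []
    return [Finding("high", f"{len(hits)} log line(s) show revalidation skipped; first: {hits[0]}")]


def audit(env: dict, authenticator_config: dict, log_lines: Iterable[str],
          exists: Callable[[str], bool] = os.path.isfile) -> list[Finding]:
    """Combine the static configuration checks with the runtime evidence in the log."""
    findings: list[Finding] = []
    if revalidation_enabled(authenticator_config):
        findings += audit_truststore_env(env, exists)
    else:
        # Not this CVE's condition: Keycloak never checks the chain here, so
        # trust rests entirely on whatever terminates TLS in front of it.
        findings.append(Finding("info", "Revalidate Client Certificate is off; chain trust is delegated to the TLS terminator"))
    findings += scan_log(log_lines)
    return findings


def is_exposed(findings: Iterable[Finding]) -> bool:
    """True if any finding shows the authenticator can proceed without a truststore."""
    return any(f.severity == "high" for f in findings)


# Constructed sample input for a stand-alone run (not captured from a real server).
SAMPLE_ENV = {TRUSTSTORE_ENV: "/opt/keycloak/conf/trustsore.jks"}  # note the typo in the path
SAMPLE_CONFIG = {REVALIDATE_KEY: "true"}
SAMPLE_LOG = [
    "2023-04-01 10:15:02,114 INFO  [io.quarkus] (main) Keycloak started",
    "2023-04-01 10:16:40,907 WARN  [org.keycloak.x509] (executor-thread-3) "
    + TRUSTSTORE_MISSING_MSG,
]

if __name__ == "__main__":
    # Treat the mistyped path as absent, as it would be on the real host.
    for f in audit(SAMPLE_ENV, SAMPLE_CONFIG, SAMPLE_LOG, exists=lambda p: False):
        print(f"[{f.severity}] {f.detail}")
```

The `exists` parameter is injected so the check can be run against a captured environment from another host without touching the local filesystem. Any "high" finding on an unpatched build means a client presenting an arbitrary certificate directly to Keycloak is accepted; the fix is both to correct the truststore path and to update to a build where the missing truststore makes revalidation fail closed (see the RHSA and GHSA references below).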
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2023-1664
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2023-1664
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2023-1664
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-5cc8-pgp5-7mpm
cvssv3.1 6.5 https://github.com/keycloak/keycloak
generic_textual MODERATE https://github.com/keycloak/keycloak
cvssv3.1 6.5 https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
cvssv3.1_qr MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
generic_textual MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-1664
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-1664
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json
https://access.redhat.com/security/cve/CVE-2023-1664
https://api.first.org/data/v1/epss?cve=CVE-2023-1664
https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
https://nvd.nist.gov/vuln/detail/CVE-2023-1664
2182196 https://bugzilla.redhat.com/show_bug.cgi?id=2182196
cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:migration_toolkit_for_runtimes:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:migration_toolkit_for_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
GHSA-5cc8-pgp5-7mpm https://github.com/advisories/GHSA-5cc8-pgp5-7mpm
RHSA-2023:5491 https://access.redhat.com/errata/RHSA-2023:5491
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2023-1664
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T21:33:57Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1664
Exploit Prediction Scoring System (EPSS)
Percentile 0.46903
EPSS Score 0.00238
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:45:04.331452+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-5cc8-pgp5-7mpm/GHSA-5cc8-pgp5-7mpm.json 37.0.0