Vulnerability details: VCID-dgpm-z9v1-aaak
Vulnerability ID VCID-dgpm-z9v1-aaak
Aliases CVE-2023-6927
GHSA-3p75-q5cc-qmj7
Summary A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt", which could be used to bypass the security patch implemented to address CVE-2023-6134.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (3)
System Score Found at
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0094
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0094
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0095
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0095
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0096
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0096
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0097
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0097
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0098
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0098
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0100
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0100
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0101
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0101
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:0798
ssvc Track https://access.redhat.com/errata/RHSA-2024:0798
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:0799
ssvc Track https://access.redhat.com/errata/RHSA-2024:0799
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:0800
ssvc Track https://access.redhat.com/errata/RHSA-2024:0800
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:0801
ssvc Track https://access.redhat.com/errata/RHSA-2024:0801
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:0804
ssvc Track https://access.redhat.com/errata/RHSA-2024:0804
cvssv3 4.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json
cvssv3.1 4.6 https://access.redhat.com/security/cve/CVE-2023-6927
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2023-6927
epss 0.00147 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.00157 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.00350 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.01024 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
cvssv3.1 4.6 https://bugzilla.redhat.com/show_bug.cgi?id=2255027
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2255027
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-3p75-q5cc-qmj7
cvssv3.1 4.6 https://github.com/keycloak/keycloak
cvssv3.1 6.8 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
generic_textual MODERATE https://github.com/keycloak/keycloak
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-6927
cvssv3.1 4.6 https://nvd.nist.gov/vuln/detail/CVE-2023-6927
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-6927
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-6927
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0094
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0095
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0096
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0097
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0098
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0100
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0101
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0798
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0798
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0799
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0799
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0800
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0800
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0801
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0801
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0804
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0804
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2023-6927
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2255027
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6927
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6927
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6927
Exploit Prediction Scoring System (EPSS)
Percentile 0.51515
EPSS Score 0.00147
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-03T17:14:56.493977+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-6927 34.0.0rc1