Vulnerability details: VCID-sx3k-7dn2-eyag
Vulnerability ID VCID-sx3k-7dn2-eyag
Aliases CVE-2023-6927
GHSA-9vm7-v8wj-3fqw
GMS-2024-51
Summary keycloak-core: open redirect via "form_post.jwt" JARM response mode. The patch shipped in Keycloak Core for CVE-2023-6134 is incomplete. An attacker can steal authorization codes or tokens from clients whose registered redirect URIs contain a wildcard by requesting the JARM response mode "form_post.jwt": changing the response_mode parameter in the original CVE-2023-6134 proof of concept from "form_post" to "form_post.jwt" bypasses the patch, because the added check does not cover the JARM variant of the mode.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
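The bypass described in the summary, as an added example that is not Keycloak's code: a simplified OIDC authorization-endpoint model in which the CVE-2023-6134-style mitigation is keyed on the literal response_mode "form_post", beside a hardened variant that applies the same check to the whole form_post family so "form_post.jwt" cannot select a lenient code path. The registered redirect pattern, the HTML-context check that stands in for Keycloak's real mitigation, and the sample authorization requests are all constructed assumptions for this illustration.

```python
"""Added example (not Keycloak's code): the incomplete-fix pattern behind
CVE-2023-6927 on a simplified OIDC authorization-endpoint model.

Everything here is constructed for illustration: the registered redirect
pattern, the HTML-context check that stands in for Keycloak's real
CVE-2023-6134 mitigation, and the sample authorization requests.
"""
from urllib.parse import parse_qs, urlsplit

# Response modes that deliver the authorization response through an HTML
# auto-submit form. "form_post.jwt" is the JARM (JWT-secured) variant.
FORM_POST_FAMILY = {"form_post", "form_post.jwt"}

# Characters that would break out of an attribute or tag if the redirect URI
# were written into that form unescaped (assumption for this model).
HTML_UNSAFE = set('"\'<>')

# A client registration in the style of a Keycloak "Valid Redirect URIs"
# entry with a trailing-'*' wildcard (constructed).
REGISTERED = ["https://app.example.com/*"]


def matches_registered(redirect_uri: str, patterns: list[str]) -> bool:
    """Exact match, or prefix match for a pattern ending in '*'."""
    for pattern in patterns:
        if pattern.endswith("*"):
            if redirect_uri.startswith(pattern[:-1]):
                return True
        elif redirect_uri == pattern:
            return True
    return False


def html_context_safe(redirect_uri: str) -> bool:
    """Stand-in for the stricter check a form_post-style response needs."""
    parts = urlsplit(redirect_uri)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    return not (set(redirect_uri) & HTML_UNSAFE)


def allow_redirect_vulnerable(redirect_uri: str, response_mode: str,
                              patterns: list[str]) -> bool:
    """Incomplete fix: the stricter check is keyed on the literal "form_post",
    so the JARM variant "form_post.jwt" takes the lenient path."""
    if not matches_registered(redirect_uri, patterns):
        return False
    if response_mode == "form_post":
        return html_context_safe(redirect_uri)
    return True


def allow_redirect_fixed(redirect_uri: str, response_mode: str,
                         patterns: list[str]) -> bool:
    """Hardened: key the check on the whole form_post family so a sibling
    mode cannot select a different code path."""
    if not matches_registered(redirect_uri, patterns):
        return False
    if response_mode in FORM_POST_FAMILY:
        return html_context_safe(redirect_uri)
    return True


def decide(query_string: str, patterns: list[str] = REGISTERED) -> tuple[bool, bool]:
    """Parse an authorization request query string and return
    (vulnerable_decision, fixed_decision) for its redirect_uri."""
    params = parse_qs(query_string, keep_blank_values=True)
    redirect_uri = params.get("redirect_uri", [""])[0]
    response_mode = params.get("response_mode", ["query"])[0]
    return (allow_redirect_vulnerable(redirect_uri, response_mode, patterns),
            allow_redirect_fixed(redirect_uri, response_mode, patterns))


# Constructed sample requests. The "hostile" redirect_uri stays inside the
# wildcard prefix but carries %22%3E ('">'), enough to leave an HTML attribute.
BENIGN_JARM = ("client_id=app&response_type=code&response_mode=form_post.jwt"
               "&redirect_uri=https://app.example.com/cb")
HOSTILE_FORM_POST = ("client_id=app&response_type=code&response_mode=form_post"
                     "&redirect_uri=https://app.example.com/cb%22%3E")
HOSTILE_JARM = ("client_id=app&response_type=code&response_mode=form_post.jwt"
                "&redirect_uri=https://app.example.com/cb%22%3E")
UNREGISTERED = ("client_id=app&response_type=code&response_mode=form_post.jwt"
                "&redirect_uri=https://attacker.example/cb")

if __name__ == "__main__":
    for name, req in [("benign form_post.jwt", BENIGN_JARM),
                      ("hostile form_post", HOSTILE_FORM_POST),
                      ("hostile form_post.jwt", HOSTILE_JARM),
                      ("unregistered host", UNREGISTERED)]:
        vuln, fixed = decide(req)
        print(f"{name:24s} vulnerable={vuln!s:5s} fixed={fixed}")
```

The hostile form_post.jwt request is the one that separates the two implementations: the incomplete fix rejects it only when the mode is spelled exactly "form_post" and waves it through for the JARM spelling, while the hardened check rejects both. Independently of the server-side fix, the precondition on the client side is a wildcard redirect URI, so auditing client registrations for trailing-'*' entries is the other check worth running.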
Weaknesses (3)
System Score Found at
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0094
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0094
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0095
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0095
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0096
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0096
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0097
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0097
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0098
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0098
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0100
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0100
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0101
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0101
cvssv3 4.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json
cvssv3.1 4.6 https://access.redhat.com/security/cve/CVE-2023-6927
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2023-6927
epss 0.00237 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2023-6927
cvssv3.1 4.6 https://bugzilla.redhat.com/show_bug.cgi?id=2255027
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2255027
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-9vm7-v8wj-3fqw
cvssv3.1 4.6 https://github.com/keycloak/keycloak
generic_textual MODERATE https://github.com/keycloak/keycloak
cvssv3.1 4.6 https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw
cvssv3.1_qr MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw
generic_textual MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw
cvssv3.1 4.6 https://nvd.nist.gov/vuln/detail/CVE-2023-6927
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-6927
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-6927
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N (score 4.6)
Found at:
https://access.redhat.com/errata/RHSA-2024:0094
https://access.redhat.com/errata/RHSA-2024:0095
https://access.redhat.com/errata/RHSA-2024:0096
https://access.redhat.com/errata/RHSA-2024:0097
https://access.redhat.com/errata/RHSA-2024:0098
https://access.redhat.com/errata/RHSA-2024:0100
https://access.redhat.com/errata/RHSA-2024:0101
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json
https://access.redhat.com/security/cve/CVE-2023-6927
https://bugzilla.redhat.com/show_bug.cgi?id=2255027
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw
https://nvd.nist.gov/vuln/detail/CVE-2023-6927
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (score 6.1)
Found at:
https://nvd.nist.gov/vuln/detail/CVE-2023-6927
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

The two vectors differ only in Privileges Required (low vs none) and Scope (unchanged vs changed); the NVD vector rates the attack as needing no account on the Keycloak server and as impacting a component other than the vulnerable one, which is what lifts its score from 4.6 to 6.1.
Exploit Prediction Scoring System (EPSS)
Percentile 0.46937
EPSS Score 0.00237
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:31:36.155809+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-9vm7-v8wj-3fqw/GHSA-9vm7-v8wj-3fqw.json 37.0.0