VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-tee7-t9fw-aaad

Essentials
Severities (96)
References (15)
Severity details (10)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-tee7-t9fw-aaad
Aliases	CVE-2023-1664 GHSA-5cc8-pgp5-7mpm
Summary	A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-295

Improper Certificate Validation

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00204	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00238	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00238	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00238	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2023-1664
cvssv3.1	6.5	https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-5cc8-pgp5-7mpm
cvssv3.1	6.8	https://github.com/keycloak/keycloak
generic_textual	HIGH	https://github.com/keycloak/keycloak
cvssv3.1_qr	MODERATE	https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-1664
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-1664

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-1664
		https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
		https://github.com/keycloak/keycloak
2182196		https://bugzilla.redhat.com/show_bug.cgi?id=2182196
cpe:2.3:a:redhat:build_of_quarkus:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:build_of_quarkus:-:::::::*
cpe:2.3:a:redhat:jboss_a-mq:7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_a-mq:7:::::::*
cpe:2.3:a:redhat:keycloak:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:-:::::::*
cpe:2.3:a:redhat:migration_toolkit_for_runtimes:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:migration_toolkit_for_runtimes:-:::::::*
cpe:2.3:a:redhat:single_sign-on:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.0:::::::*
CVE-2023-1664		https://access.redhat.com/security/cve/CVE-2023-1664
CVE-2023-1664		https://nvd.nist.gov/vuln/detail/CVE-2023-1664
GHSA-5cc8-pgp5-7mpm		https://github.com/advisories/GHSA-5cc8-pgp5-7mpm
GHSA-5cc8-pgp5-7mpm		https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
RHSA-2023:5491		https://access.redhat.com/errata/RHSA-2023:5491

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T21:33:57Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1664

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1664

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.19322
EPSS Score	0.00049
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.