Vulnerability details: VCID-ttnf-w73s-zfea
Vulnerability ID VCID-ttnf-w73s-zfea
Aliases GHSA-3p75-q5cc-qmj7
Summary: Duplicate Advisory: Keycloak Open Redirect vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9vm7-v8wj-3fqw. This link is maintained to preserve external references.
Original Description: A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt", which could be used to bypass the security patch implemented to address CVE-2023-6134.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (3)
System Score Found at
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0094
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0094
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0095
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0095
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0096
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0096
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0097
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0097
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0098
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0098
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0100
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0100
cvssv3.1 4.6 https://access.redhat.com/errata/RHSA-2024:0101
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2024:0101
cvssv3.1 4.6 https://access.redhat.com/security/cve/CVE-2023-6927
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2023-6927
cvssv3.1 4.6 https://bugzilla.redhat.com/show_bug.cgi?id=2255027
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2255027
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-3p75-q5cc-qmj7
cvssv3.1 4.6 https://github.com/keycloak/keycloak
generic_textual MODERATE https://github.com/keycloak/keycloak
cvssv3.1 4.6 https://nvd.nist.gov/vuln/detail/CVE-2023-6927
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-6927
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0094
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0095
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0096
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0097
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0098
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0100
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0101
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2023-6927
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2255027
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6927
No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2025-07-31T08:42:38.113419+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-3p75-q5cc-qmj7/GHSA-3p75-q5cc-qmj7.json 37.0.0