Commit

Adding CVE as alias
Chetven committed Dec 21, 2024
1 parent aef7ebc commit 7f30962
Showing 1 changed file with 4 additions and 2 deletions.
Expand Up @@ -3,7 +3,9 @@
"id": "GHSA-9vm7-v8wj-3fqw",
"modified": "2024-01-23T14:43:50Z",
"published": "2024-01-23T14:43:50Z",
"aliases": [],
"aliases": [
"CVE-2023-6927"
],
"summary": "keycloak-core: open redirect via \"form_post.jwt\" JARM response mode",
"details": "An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\". It is observed that changing the response_mode parameter in the original proof of concept from \"form_post\" to \"form_post.jwt\" can bypass the security patch implemented to address CVE-2023-6134.",
"severity": [],
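Review bot: "modified" in the context just above the new "aliases" entry still reads 2024-01-23T14:43:50Z, the same value as "published", although this commit changes the record. If that timestamp is not regenerated automatically on merge, bump it here so that consumers syncing on "modified" pick up the CVE-2023-6927 alias. Separately, "details" names only CVE-2023-6134 (the earlier fix being bypassed), so a reader matching on the text could take that for this advisory's own ID; the alias resolves that for tooling, but a short mention of CVE-2023-6927 in the text would help humans too.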
Expand Down Expand Up @@ -47,4 +49,4 @@
"github_reviewed_at": "2024-01-23T14:43:50Z",
"nvd_published_at": null
}
}
}
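Review bot: the last two lines of this hunk are the same closing "}" removed and re-added, so the change is presumably whitespace only or an end-of-file newline. That is unrelated to the alias, so either drop it from this commit or say so in the commit message. In the unchanged context, "nvd_published_at" stays null; now that a CVE alias is recorded, check whether that field should be populated.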
