CVE-2017-12160
Description
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
Risk Information
Base Score
7.2
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.571
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2017-12160 are fixed in Keycloak - keycloak-parent 3.3.0 | Windows |
| Vulnerabilities CVE-2017-12160 are fixed in Keycloak - keycloak-parent for Linux 3.3.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234