Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-6841

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.

Published

2024-09-10T17:15:15.170

Last Modified

2024-10-01T14:15:05.207

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-231
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	keycloak	-	Yes
Application	redhat	single_sign-on	7.0	Yes

References

https://access.redhat.com/security/cve/CVE-2023-6841 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2254714 Issue Tracking, Vendor Advisory ([email protected])