A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to impersonate any federated user linked to the affected Identity Provider, leading to unauthorized access and potential privilege escalation.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NRed Hat Build Of Keycloak
APPRedhat26.6 – 26.6.4 (bez)
Related vulnerabilities
A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within th...
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all a...
A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manag...
A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited ...
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypa...