Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2023-0657

CVE-2023-0657

LOW3.4

Keycloak: impersonation via logout token exchange

Published Nov 17, 2024

Modified 1 years ago

Details

A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.

References

https://access.redhat.com/errata/RHSA-2024:1867

https://access.redhat.com/errata/RHSA-2024:1868

https://access.redhat.com/security/cve/CVE-2023-0657

https://bugzilla.redhat.com/show_bug.cgi?id=2166728

https://www.cve.org/CVERecord?id=CVE-2023-0657

CVSS Analysis

CVSS v3.1

3.4

Exploitability

Attack Vector

AdjacentAV:A

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

LowI:L

Availability

NoneA:N

3.4/CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedNov 17, 2024

ModifiedNov 17, 2024

CVE-2023-0657 | Mondoo Vulnerability Intelligence