Medium severity 5.3 · GHSA Advisory · Published Apr 25, 2024 · Updated Apr 15, 2026
CVE-2023-6484
Description
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact on the integrity of the logs.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-services (Maven) | < 22.0.9 | 22.0.9 |
| org.keycloak:keycloak-services (Maven) | >= 23.0.0, < 23.0.5 | 23.0.5 |
Affected products
- Range: >= 23.0.0, < 23.0.5
References
- github.com/advisories/GHSA-j628-q885-8gr5 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-6484 (ghsa, ADVISORY)
- access.redhat.com/errata/RHSA-2024:0798 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:0799 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:0800 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:0801 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:0804 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1860 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1861 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1862 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1864 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1865 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1866 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1867 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1868 (nvd, WEB)
- access.redhat.com/security/cve/CVE-2023-6484 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff (ghsa, WEB)
- github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a (ghsa, WEB)
- github.com/keycloak/keycloak/issues/25078 (ghsa, WEB)
- github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5 (ghsa, WEB)