VYPR
Medium severity5.4GHSA Advisory· Published Apr 25, 2024· Updated Apr 15, 2026

CVE-2023-6544

CVE-2023-6544

Description

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.keycloak:keycloak-servicesMaven
< 22.0.1022.0.10
org.keycloak:keycloak-servicesMaven
>= 23.0.0, < 24.0.324.0.3

Affected products

16

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.