Medium severity 5.4 · NVD Advisory · Published Apr 25, 2024 · Updated Apr 15, 2026
CVE-2023-6544
Description
A flaw was found in the Keycloak package. The issue is caused by a permissive regular expression, hardcoded for filtering the hosts that are allowed to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-services (Maven) | < 22.0.10 | 22.0.10 |
| org.keycloak:keycloak-services (Maven) | >= 23.0.0, < 24.0.3 | 24.0.3 |
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-46c8-635v-68r2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-6544 (ghsa, ADVISORY)
- access.redhat.com/errata/RHSA-2024:1860 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1861 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1862 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1864 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1866 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1867 (nvd, WEB)
- access.redhat.com/errata/RHSA-2024:1868 (nvd, WEB)
- access.redhat.com/security/cve/CVE-2023-6544 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2 (ghsa, WEB)