VYPR
Moderate severityNVD Advisory· Published Dec 18, 2023· Updated Nov 11, 2025

Keycloak: open redirect via "form_post.jwt" jarm response mode

CVE-2023-6927

Description

A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.keycloak:keycloak-coreMaven
< 23.0.423.0.4

Affected products

23

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.