Moderate severityNVD Advisory· Published Dec 18, 2023· Updated Nov 11, 2025
Keycloak: open redirect via "form_post.jwt" jarm response mode
CVE-2023-6927
Description
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.keycloak:keycloak-coreMaven | < 23.0.4 | 23.0.4 |
Affected products
23- Red Hat/Red Hat build of Keycloak 22.0.8v5cpe:/a:redhat:build_keycloak:22
cpe:/a:redhat:red_hat_single_sign_on:7.6+ 4 more
- cpe:/a:redhat:red_hat_single_sign_on:7.6
- cpe:/a:redhat:red_hat_single_sign_on:7.6.6
- cpe:/a:redhat:red_hat_single_sign_on:7.6::el7range: 0:18.0.12-1.redhat_00001.1.el7sso
- cpe:/a:redhat:red_hat_single_sign_on:7.6::el8range: 0:18.0.12-1.redhat_00001.1.el8sso
- cpe:/a:redhat:red_hat_single_sign_on:7.6::el9range: 0:18.0.12-1.redhat_00001.1.el9sso
- Red Hat/RHEL-8 based Middleware Containersv5cpe:/a:redhat:rhosemc:1.0::el8Range: 7.6-41
- osv-coords15 versionspkg:apk/chainguard/keycloakpkg:apk/chainguard/keycloak-bitnami-compatpkg:apk/chainguard/keycloak-bitnami-fipspkg:apk/chainguard/keycloak-compatpkg:apk/chainguard/keycloak-fipspkg:apk/chainguard/keycloak-fips-bitnami-compatpkg:apk/chainguard/keycloak-fips-policy-140-2pkg:apk/chainguard/keycloak-fips-policy-140-3pkg:apk/chainguard/keycloak-iamguarded-compatpkg:apk/chainguard/keycloak-iamguarded-fipspkg:apk/wolfi/keycloakpkg:apk/wolfi/keycloak-bitnami-compatpkg:apk/wolfi/keycloak-compatpkg:apk/wolfi/keycloak-iamguarded-compatpkg:maven/org.keycloak/keycloak-core
< 23.0.4-r0+ 14 more
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4-r0
- (no CPE)range: < 23.0.4
Patches
Vulnerability mechanics
References
17- access.redhat.com/errata/RHSA-2024:0094ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2024:0095ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2024:0096ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2024:0097ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2024:0098ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2024:0100ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2024:0101ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2024:0798mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0799mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0800mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0801mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0804mitrevendor-advisoryx_refsource_REDHAT
- github.com/advisories/GHSA-9vm7-v8wj-3fqwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-6927ghsaADVISORY
- access.redhat.com/security/cve/CVE-2023-6927ghsavdb-entryx_refsource_REDHATWEB
- bugzilla.redhat.com/show_bug.cgighsaissue-trackingx_refsource_REDHATWEB
- github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqwghsaWEB
News mentions
0No linked articles in our index yet.