{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-0264","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2023-01-12T23:10:37.812Z","datePublished":"2023-08-04T17:09:27.693Z","dateUpdated":"2024-08-02T05:02:44.110Z"},"containers":{"cna":{"affected":[{"vendor":"redhat.com","product":"Keycloak","versions":[{"version":"18.0.6","status":"affected","lessThan":"18.0.6","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability."}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2023-0264"}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2023-08-04T17:09:27.693Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:02:44.110Z"},"title":"CVE Program Container","references":[{"url":"https://access.redhat.com/security/cve/CVE-2023-0264","tags":["x_transferred"]}]}]}}