{
  "threat_severity" : "Moderate",
  "public_date" : "2024-04-15T00:00:00Z",
  "bugzilla" : {
    "description" : "keycloak: secondary factor bypass in step-up authentication",
    "id" : "2221760",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2221760"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-287",
  "details" : [ "A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.", "A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication." ],
  "statement" : "Note that exploitation of this flaw requires several factors to be successful. The attacker must already have valid credentials within the system, without which there is no vulnerability, and the application must be configured to use the step-up flow, which is the only aspect of authentication bypassed by this flaw; the name and password restriction function as expected. Further, the impact effects of this flaw are limited to user-level and do not affect the system as a whole. For this reason, Red Hat Product Security has assessed this flaw to be Moderate security impact.",
  "acknowledgement" : "Red Hat would like to thank Johannes Bergmann (Bosch) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat build of Keycloak 22",
    "release_date" : "2024-04-16T00:00:00Z",
    "advisory" : "RHSA-2024:1867",
    "cpe" : "cpe:/a:redhat:build_keycloak:22::el9",
    "package" : "rhbk/keycloak-operator-bundle:22.0.10-1"
  }, {
    "product_name" : "Red Hat build of Keycloak 22",
    "release_date" : "2024-04-16T00:00:00Z",
    "advisory" : "RHSA-2024:1867",
    "cpe" : "cpe:/a:redhat:build_keycloak:22::el9",
    "package" : "rhbk/keycloak-rhel9:22-13"
  }, {
    "product_name" : "Red Hat build of Keycloak 22",
    "release_date" : "2024-04-16T00:00:00Z",
    "advisory" : "RHSA-2024:1867",
    "cpe" : "cpe:/a:redhat:build_keycloak:22::el9",
    "package" : "rhbk/keycloak-rhel9-operator:22-16"
  }, {
    "product_name" : "Red Hat build of Keycloak 22.0.10",
    "release_date" : "2024-04-16T00:00:00Z",
    "advisory" : "RHSA-2024:1868",
    "cpe" : "cpe:/a:redhat:build_keycloak:22",
    "package" : "keycloak"
  }, {
    "product_name" : "RHSSO 7.6.8",
    "release_date" : "2024-04-16T00:00:00Z",
    "advisory" : "RHSA-2024:1866",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-3597\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3597" ],
  "name" : "CVE-2023-3597",
  "csaw" : false
}