CVE-2017-7474

Critical

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to…

redhat·CWE-253·Published 2017-05-12

CVSS

9.8

EPSS

0.03

KEV

Exploits

Vendor statements (1)

rhn.redhat.com

cve.orgen

238 chars

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

OSV.deven

238 chars

GHSAen

238 chars

NVDes

265 chars

Se encontró que el adaptador de Keycloak Node.js 2.5 - 3.0 no controló correctamente los símbolos no válidos. Un atacante podría utilizar esta falla para omitir la autenticación y obtener acceso a información restringida, o posiblemente llevar a cabo otros ataques.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.0	Primary	NVD	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H