What is the severity of CVE-2023-6841?

CVE-2023-6841 is classified as a denial of service vulnerability that can lead to resource exhaustion.

How do I fix CVE-2023-6841?

To resolve CVE-2023-6841, you should upgrade to Keycloak version 24.0.0 or later.

What systems are affected by CVE-2023-6841?

CVE-2023-6841 affects Keycloak version prior to 24.0.0 and Red Hat Single Sign-On version 7.0.

What actions can an attacker take with CVE-2023-6841?

An attacker can exploit CVE-2023-6841 by sending repeated HTTP requests, potentially causing a denial of service.

Is there a workaround for CVE-2023-6841?

Currently, there are no known effective workarounds for CVE-2023-6841, so upgrading is recommended.

Vulnerability/
CVE-2023-6841

high

7.5

CWE

231

15/12/2023

10/9/2024

31/12/2024

CVE-2023-6841: Keycloak: amount of attributes per object is not limited and it may lead to dos

First published: Fri Dec 15 2023(Updated: )

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited, an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. The issue is fixed in Keycloak 24 with the introduction of the User Profile feature.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
maven/org.keycloak:keycloak-core	<24.0.0	24.0.0
Red Hat Keycloak
redhat single sign-on	=7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-6841?
CVE-2023-6841 is classified as a denial of service vulnerability that can lead to resource exhaustion.
How do I fix CVE-2023-6841?
To resolve CVE-2023-6841, you should upgrade to Keycloak version 24.0.0 or later.
What systems are affected by CVE-2023-6841?
CVE-2023-6841 affects Keycloak version prior to 24.0.0 and Red Hat Single Sign-On version 7.0.
What actions can an attacker take with CVE-2023-6841?
An attacker can exploit CVE-2023-6841 by sending repeated HTTP requests, potentially causing a denial of service.
Is there a workaround for CVE-2023-6841?
Currently, there are no known effective workarounds for CVE-2023-6841, so upgrading is recommended.

agent/weakness
agent/title
agent/type
agent/first-publish-date
agent/author
agent/references
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-6841
collector/github-advisory-latest
source/GitHub
alias/GHSA-w97f-w3hq-36g2
agent/software-canonical-lookup
agent/severity
agent/event
collector/github-advisory
agent/trending
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/maven
vendor/redhat
canonical/red hat keycloak
canonical/redhat single sign-on
version/redhat single sign-on/7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.