{"id":"CVE-2023-0264","details":"A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.","aliases":["GHSA-9g98-5mj6-f9mv"],"modified":"2026-05-04T08:39:27.813891Z","published":"2023-08-04T18:15:11.090Z","withdrawn":"2026-05-04T08:39:27.813891Z","related":["CGA-65jp-w78r-69gf"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-0264"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0264.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"18.0.6"}]},{"events":[{"introduced":"0"},{"fixed":"7.6.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.9"}]},{"events":[{"introduced":"0"},{"last_affected":"4.10"}]},{"events":[{"introduced":"0"},{"last_affected":"4.9"}]},{"events":[{"introduced":"0"},{"last_affected":"4.10"}]},{"events":[{"introduced":"0"},{"last_affected":"4.9"}]},{"events":[{"introduced":"0"},{"last_affected":"4.10"}]},{"events":[{"introduced":"0"},{"fixed":"7.6.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}