{"id":"CVE-2023-6927","details":"A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\" which could be used to bypass the security patch implemented to address CVE-2023-6134.","aliases":["GHSA-9vm7-v8wj-3fqw"],"modified":"2026-04-02T09:47:57.149247Z","published":"2023-12-18T23:15:10.027Z","related":["CGA-5xgv-9hhm-mxch"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0798"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0800"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0801"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0094"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0097"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0098"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0100"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0799"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0804"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-6927"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0095"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0096"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0101"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255027"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/keycloak/keycloak","events":[{"introduced":"0"},{"last_affected":"e6a274ea0e31c6572e795f3372f006c88122539b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0"}]}}],"versions":["1.0-alpha-1","1.0-alpha-1-12062013","1.0-alpha-2","1.0-alpha-3","1.0-beta-1","1.0-beta-1-20150521","1.0-beta-1-20150523","1.0-beta-2","1.0-beta-3","1.0-beta-4","1.0-final","1.0-rc-1","1.0-rc-2","1.0.0.Final","1.0.1.Final","1.0.2.Final","1.0.3.Final","1.0.4.Final","1.0.5.Final","1.1.0.Beta1","1.1.0.Beta2","1.1.0.Final","1.1.1.Final","1.2.0.Beta1","1.2.0.CR1","1.2.0.CR1-redhat-1","1.2.0.Final","1.2.0.Final-redhat-1","1.2.0.Final-redhat-2","1.3.0.Final","1.3.1.Final","1.4.0.Final","1.5.0.Final","1.5.0.Final-redhat-1","1.5.1.Final","1.5.1.Final-redhat-1","1.5.1.Final-redhat-2","1.6.0.Final","1.6.0.Final-redhat-1","1.6.1.Final","1.6.1.Final-redhat-1","1.7.0.CR1","1.7.0.CR1-redhat-1","1.7.0.Final","1.7.0.Final-redhat-1","1.8.0.Alpha1","1.8.0.CR1","1.8.0.CR1-redhat-1","1.8.0.CR1-redhat-2","1.8.0.CR2","1.8.0.CR2-redhat-1","1.8.0.CR2-redhat-1-EAP-7","1.8.0.CR3","1.8.0.Final","1.8.0.Final-redhat-1","1.8.1.Final","1.8.1.Final-redhat-1","1.8.2.Final","1.8.2.Final-redhat-1","1.9.0.CR1","1.9.0.CR1-redhat-1","1.9.0.CR1-redhat-2","1.9.0.Final","1.9.0.Final-redhat-1","1.9.1.Final","1.9.2.Final","1.9.2.Test","1.9.3.Final","1.9.4.Final","1.9.5.Final","1.9.6.Final","1.9.7.Final","1.9.8.Final","10.0.0","10.0.1","10.0.2","11.0.0","11.0.1","11.0.2","11.0.3","12.0.0","12.0.1","12.0.2","12.0.3","12.0.4","13.0.0","13.0.1","14.0.0","15.0.0","15.0.1","15.0.2","15.1.0","15.1.1","16.0.0","16.1.0","16.1.1","17.0.0","17.0.0-2","17.0.0-3","17.0.0-4","17.0.0-5","17.0.0-6","17.0.1","18.0.0","18.0.1","18.0.2","19.0.0","19.0.1","19.0.2","19.0.3","2.0.0.CR1","2.0.0.Final","2.0.0.Test2","2.1.0.CR1","2.1.0.Final","2.2.0.CR1","2.2.0.Final","2.2.0.Test1","2.2.1.Final","2.3.0.CR1","2.3.0.Final","2.4.0.CR1","2.4.0.Final","2.4.0.Test","2.5.0.CR1","2.5.0.Final","2.5.1.Final","2.5.10.Final","2.5.2.Final","2.5.3.Final","2.5.4.Final","2.5.5.Final","2.5.6.Final","2.5.7.Final","2.5.8.Final","2.5.9.Final","20.0.0","20.0.1","20.0.2","20.0.3","20.0.4","20.0.5","21.0.0","21.0.1","21.0.2","21.1.0","21.1.1","21.1.2","22.0.0","22.0.1","22.0.10","22.0.11","22.0.12","22.0.13","22.0.2","22.0.3","22.0.4","22.0.5","22.0.6","22.0.7","22.0.8","22.0.9","23.0.0","23.0.1","23.0.2","23.0.3","23.0.4","23.0.5","23.0.6","23.0.7","24.0.0","24.0.1","24.0.10","24.0.2","24.0.3","24.0.4","24.0.5","24.0.6","24.0.7","24.0.8","24.0.9","25.0.0","25.0.1","25.0.2","25.0.3","25.0.4","25.0.5","25.0.6","26.0.0","26.0.1","26.0.10","26.0.11","26.0.12","26.0.13","26.0.14","26.0.15","26.0.16","26.0.17","26.0.2","26.0.3","26.0.4","26.0.5","26.0.6","26.0.7","26.0.8","26.0.9","26.1.0","26.1.1","26.1.2","26.1.3","26.1.4","26.1.5","26.2.0","26.2.1","26.2.10","26.2.11","26.2.12","26.2.2","26.2.3","26.2.4","26.2.5","26.2.6","26.2.7","26.2.8","26.2.9","26.3.0","26.3.1","26.3.2","26.3.3","26.3.4","26.3.5","26.4.0","26.4.1","26.4.2","26.4.3","26.4.4","26.4.5","26.4.6","26.4.7","26.4.8","26.5.0","26.5.1","26.5.2","3.0.0.CR1","3.0.0.Final","3.1.0.CR1","3.1.0.Final","3.1.1.Final-rhsso","3.2.0.CR1","3.2.0.Final","3.2.0.Final-rhsso","3.2.1.Final","3.3.0.CR1","3.3.0.CR2","3.3.0.Final","3.4.0.CR1","3.4.0.Final","3.4.1.CR1","3.4.1.Final","3.4.2.Final","3.4.3.Final","3.4.3.Final-2","4.0.0.Beta1","4.0.0.Beta2","4.0.0.Beta3","4.0.0.Final","4.1.0.Final","4.2.0.Final","4.2.1.Final","4.3.0.Final","4.4.0.Final","4.5.0.Final","4.6.0.Final","4.6.0.Tmp","4.7.0.Final","4.8.0.Final","4.8.1.Final","4.8.2.Final","4.8.3.Final","5.0.0","6.0.0","6.0.1","7.0.0","8.0.0","8.0.1","8.0.2","9.0.0","9.0.2","9.0.3","nightly"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6927.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}