Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-49594

Good to know:

icon

Date: December 23, 2023

An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability.

Language: Java

Severity Score

Related Resources (5)

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1907
https://github.com/instipod/DuoUniversalKeycloakAuthenticator/releases/tag/1.0.8
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1907
https://nvd.nist.gov/vuln/detail/CVE-2023-49594
https://www.mend.io/vulnerability-database/CVE-2023-49594

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Insertion of Sensitive Information Into Sent Data

CWE-201

Top Fix

icon

Upgrade Version

Upgrade to version 1.0.8

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us