Fedora Account System
Red Hat Associate
Red Hat Customer
Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
This issue has been addressed in the following products: Red Hat build of Keycloak 22.0.10 Via RHSA-2024:1868 https://access.redhat.com/errata/RHSA-2024:1868
This issue has been addressed in the following products: Red Hat build of Keycloak 22 Via RHSA-2024:1867 https://access.redhat.com/errata/RHSA-2024:1867