A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
{
"cwe_ids": [
"CWE-601"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6927.json",
"cna_assigner": "redhat"
}