CVE-2023-49594
- Reference to the description:
- Description:
- An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability.
- Last updated date:
- 01/17/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/03/2024
- Reference url to background
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1907