CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-0560

A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn't inspect tokens, it determines that all tokens are valid.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.5%

CVSS Severity

CVSS v3 Score 6.3

References

https://access.redhat.com/security/cve/CVE-2024-0560
https://bugzilla.redhat.com/show_bug.cgi?id=2258456
https://github.com/3scale/APIcast/pull/1438
https://access.redhat.com/security/cve/CVE-2024-0560
https://bugzilla.redhat.com/show_bug.cgi?id=2258456
https://github.com/3scale/APIcast/pull/1438

Products affected by CVE-2024-0560

Redhat » 3scale » Version: N/A

cpe:2.3:a:redhat:3scale:-
Redhat » Keycloak » Version: 15.0.0

cpe:2.3:a:redhat:keycloak:15.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-0560

Products

Pricing

Contact Us