CVE-2023-6544

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.

Due to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client, a malicious user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration previously unauthorized. #### Acknowledgements: Special thanks to Bastian Kanbach for reporting this issue and helping us improve our security.

Due to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client, a malicious user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration previously unauthorized. #### Acknowledgements: Special thanks to Bastian Kanbach for reporting this issue and helping us improve our security.

Se encontró una falla en el paquete Keycloak. Este problema se produce debido a una expresión regular permisiva codificada para el filtrado que permite a los hosts registrar un cliente dinámico. Un usuario malintencionado con suficiente información sobre el entorno podría poner en peligro un entorno con este registro dinámico de cliente específico y esta configuración de TrustedDomain previamente no autorizada.