{"vulnerability": "CVE-2023-2585", "sightings": [{"uuid": "1c771185-711a-4626-949d-7bc27181f2d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2585", "type": "seen", "source": "https://t.me/arpsyndicate/2079", "content": "#ExploitObserverAlert\n\nCVE-2023-2585\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2585. Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client.", "creation_timestamp": "2023-12-23T04:24:51.000000Z"}, {"uuid": "2322cb6d-7947-48e1-9d1d-302c51f4265e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2585", "type": "seen", "source": "https://t.me/ctinow/157610", "content": "https://ift.tt/I3CfiD4\nCVE-2023-2585", "creation_timestamp": "2023-12-21T11:22:18.000000Z"}]}