CVE-2023-2585 — Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick a — CVE Database · The Intelligence Room