Improper Certificate Validation
Description
org.keycloak:keycloak-services is vulnerable to Improper Certificate Validation. The vulnerability exists in the `authenticateClient` function of `X509ClientAuthenticator.java` because it does not properly verify client certificates when the application is configured to support mTLS authentication for OAuth/OpenID clients. This allows an attacker with a valid certificate to impersonate a legitimate user and access data that belongs to other clients.
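The defect described above is a missing binding between the presented certificate and the specific client being authenticated: a certificate chained to the trusted CA is accepted for any client_id. The following added example (not Keycloak code) models that check in Python with constructed certificate data; the registry, issuer name and the simplified DN parser are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ClientCert:
    """Constructed stand-in for a parsed X.509 client certificate."""
    subject: str
    issuer: str


# Assumed trust anchor and per-client expected subject DNs (constructed data).
TRUSTED_ISSUER = "CN=Example Internal CA,O=Example"
CLIENT_REGISTRY = {
    "app-a": "CN=app-a,O=Example",
    "app-b": "CN=app-b,O=Example",
}


def parse_dn(dn: str) -> dict:
    """Split a DN into attribute -> value; assumes no escaped commas
    and treats attribute types case-insensitively."""
    attrs = {}
    for part in dn.split(","):
        key, _, value = part.partition("=")
        attrs[key.strip().upper()] = value.strip()
    return attrs


def chain_is_trusted(cert: ClientCert) -> bool:
    """Stand-in for full path validation: issuer must be the trusted CA."""
    return parse_dn(cert.issuer) == parse_dn(TRUSTED_ISSUER)


def authenticate_client_weak(client_id: str, cert: ClientCert) -> bool:
    """Flawed check: any certificate from the trusted CA authenticates
    whatever client_id the caller claims, so one client can impersonate
    another."""
    if client_id not in CLIENT_REGISTRY:
        return False
    return chain_is_trusted(cert)


def authenticate_client_bound(client_id: str, cert: ClientCert) -> bool:
    """Hardened check: the certificate must chain to the trusted CA AND its
    subject must match the DN registered for this particular client_id."""
    expected = CLIENT_REGISTRY.get(client_id)
    if expected is None or not chain_is_trusted(cert):
        return False
    return parse_dn(cert.subject) == parse_dn(expected)
```

In a real deployment the subject comparison should follow the registered DN or SAN policy for the client rather than this simplified parser, but the structural point holds: validate the chain, then bind the identity to the client record.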