PT-2023-2226 · Keycloak+1 · Keycloak
Patrick Del Bello · Published 2023-02-27 · Updated 2025-12-04 · CVE-2022-4137
CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Keycloak (affected versions not specified)
Description
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. The flaw requires a user or administrator to interact with a link in order to be vulnerable, which may compromise user details, allowing them to be changed or collected by an attacker.
API Endpoints: 'oob' OAuth endpoint
The vulnerability may allow an attacker to conduct phishing attacks and alter the appearance of web pages.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Improper Encoding or Escaping of Output
Related identifiers
Affected products
Keycloak