PT-2023-5051 · Red Hat · Keycloak

Mulliken

Published: 2023-02-27 · Updated: 2023-09-25 · CVE-2022-1438

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:H/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)
Description: A flaw was found in Keycloak, where under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a cross-site scripting (XSS) vulnerability. This issue can be exploited by an attacker to conduct a cross-site scripting attack. The vulnerability is related to insufficient protection measures for the web page structure.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related identifiers

BDU:2023-05596
CVE-2022-1438
GHSA-W354-2F3C-QVG9
RHSA-2023:1043
RHSA-2023:1044
RHSA-2023:1045

Affected products

Keycloak