CVE-2022-2256

Name of the Vulnerable Software and Affected Versions Red Hat Single Sign-On 7 Keycloak versions prior to 18.0.1

Description A Stored Cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.

Recommendations For Red Hat Single Sign-On 7, consider disabling the default roles functionality in the admin console until a patch is available. For Keycloak versions prior to 18.0.1, restrict access to the admin console to minimize the risk of exploitation. As a temporary workaround, consider disabling any features that may be abusing the default roles functionality in the admin console until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.