CVE-2022-4361

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Keycloak versions (affected versions not specified)

Description The issue is related to a cross-site scripting (XSS) vulnerability in Keycloak, an open-source identity and access management solution. This vulnerability can be exploited by setting the AssertionConsumerServiceURL value or the redirect uri, allowing an attacker to execute malicious scripts. The vulnerability is also related to the lack of filtering of a non-existent web page name when generating a 404 error page, which can lead to the execution of arbitrary scripts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-81CWE-79

Related Identifiers

BDU:2023-03467

CVE-2022-4361

GHSA-3P62-6FJH-3P5H

RHSA-2023:3883

RHSA-2023:3884

RHSA-2023:3885

Affected Products

Keycloak

CVE-2022-4361

Weakness Enumeration

Related Identifiers

Affected Products

References · 10