GHSA-8hc5-rmgf-qx6p

Опубликовано: 29 нояб. 2023

Источник: github

Github: Прошло ревью

Описание

Keycloak vulnerable to LDAP Injection on UsernameForm Login

A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.

Ссылки

Пакеты

Наименование

org.keycloak:keycloak-ldap-federation

maven

Затронутые версииВерсия исправления

< 23.0.1

23.0.1

Наименование

org.keycloak:keycloak-services

maven

Затронутые версииВерсия исправления

< 23.0.1

23.0.1

EPSS

Процентиль: 24%

0.00083

Низкий

CVE ID

CVE-2022-2232

Дефекты

CWE-90

Связанные уязвимости

CVE-2022-2232

CVSS3: 7.5

redhat

около 2 лет назад

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.

CVE-2022-2232

CVSS3: 7.5

nvd

около 1 года назад

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.

CVE-2022-2232

CVSS3: 7.5

debian

около 1 года назад

A flaw was found in the Keycloak package. This flaw allows an attacker ...

EPSS

Процентиль: 24%

0.00083

Низкий

CVE ID

CVE-2022-2232

Дефекты

CWE-90