GHSA-q2gp-gph3-88x9

Опубликовано: 06 авг. 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.2

Описание

Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references.

Original Description

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-2668
https://access.redhat.com/security/cve/CVE-2022-2668
https://bugzilla.redhat.com/show_bug.cgi?id=2115392

Пакеты

Наименование

org.keycloak:keycloak-saml-core

maven

Затронутые версииВерсия исправления

<= 19.0.1

Отсутствует

7.2 High

CVSS3

7.2 High

CVSS3