GHSA-w8v7-c7pm-7wfr

Опубликовано: 02 сент. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)

Duplicate Advisory

This advisory is a duplicate of GHSA-w9mf-83w3-fv49. This link is maintained to preserve external references.

Original Description

A stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.

Ссылки

https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
https://nvd.nist.gov/vuln/detail/CVE-2022-2256
https://bugzilla.redhat.com/show_bug.cgi?id=2101942

Пакеты

Наименование

org.keycloak:keycloak-core

maven

Затронутые версииВерсия исправления

<= 19.0.1

Отсутствует

5.4 Medium

CVSS3

Дефекты

CWE-79

5.4 Medium

CVSS3

Дефекты

CWE-79