GHSA-wf7g-7h6h-678v

Published: 23 Sep 2022
Source: github
Github: Reviewed
CVSS3: 7.2

Description

Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console

An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.

Packages

Name: org.keycloak:keycloak-parent (maven)
Affected versions: < 19.0.2
Fixed version: 19.0.2

EPSS: 0.00473 (Low)
Percentile: 64%

CVSS3: 7.2 High

Related vulnerabilities

CVSS3: 6.4
redhat
more than 3 years ago

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled

CVSS3: 7.2
nvd
more than 3 years ago

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled

CVSS3: 7.2
debian
more than 3 years ago

An issue was discovered in Keycloak that allows arbitrary Javascript t ...
