CVE-2022-1466

Published: 26 Apr 2022
Source: nvd
CVSS3: 6.5
CVSS2: 4
EPSS: Low

Description

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Version before 17.0.1 (excluding)
cpe:2.3:a:redhat:single_sign-on:7.5.0:*:*:*:*:*:*:*

EPSS

Percentile: 37%
0.00158
Low

6.5 Medium

CVSS3

4 Medium

CVSS2

Weaknesses

CWE-863

Related vulnerabilities

CVSS3: 6.5
redhat
about 4 years ago

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.

CVSS3: 6.5
github
almost 4 years ago

Improper authorization in Keycloak
