Description
An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
References
- Issue Tracking, Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:redhat:keycloak:18.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
EPSS: 0.00473 (Low), percentile: 64%
CVSS3: 7.2 High
Weaknesses
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 6.4
redhat
more than 3 years ago
An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
CVSS3: 7.2
debian
more than 3 years ago
An issue was discovered in Keycloak that allows arbitrary Javascript t ...
CVSS3: 7.2
github
more than 3 years ago
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console