Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-3782

Опубликовано: 13 янв. 2023
Источник: nvd
CVSS3: 9.1
EPSS Низкий

Описание

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:keycloak:20.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 34%
0.00141
Низкий

9.1 Critical

CVSS3

Дефекты

CWE-22
CWE-22

Связанные уязвимости

redhat логотип

CVE-2022-3782

CVSS3: 8.1
redhat
около 3 лет назад

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.

debian логотип

CVE-2022-3782

CVSS3: 9.1
debian
около 3 лет назад

keycloak: path traversal via double URL encoding. A flaw was found in ...

github логотип

GHSA-g8q8-fggx-9r3q

CVSS3: 9.1
github
около 3 лет назад

Keycloak vulnerable to path traversal via double URL encoding

EPSS

Процентиль: 34%
0.00141
Низкий

9.1 Critical

CVSS3

Дефекты

CWE-22
CWE-22