CVE-2022-2232

Published: 29 Nov 2023
Source: redhat
CVSS3: 7.5 (High)

Description

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.

Mitigation

This flaw requires a misconfiguration of the "UUID LDAP Attribute" value in the LDAP user federation provider. When it is set to the standard entryUUID, objectGUID or nsuniqueid, Keycloak is not vulnerable.
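An added example, not code from Keycloak or from this advisory, showing the two halves of this issue in Python: a username lookup filter built by string concatenation, the same filter with RFC 4515 escaping applied, a toy in-memory filter evaluator so the effect is visible offline, and a check that a configured "UUID LDAP Attribute" is one of the values the mitigation above names as safe. The sample directory entries, the attribute name uid and all function names are constructed for illustration; the evaluator is not an LDAP server and only handles equality, wildcard, &, | and ! filters.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# UUID LDAP attributes the mitigation text names as safe. LDAP attribute
# names are case-insensitive, so the check compares lowercased.
SAFE_UUID_ATTRIBUTES = {"entryuuid", "objectguid", "nsuniqueid"}


def escape_filter_value(value: str) -> str:
    """Escape user input for inclusion in an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def username_filter_unsafe(username: str, attr: str = "uid") -> str:
    """Vulnerable pattern: raw input spliced into the filter string."""
    return f"({attr}={username})"


def username_filter_safe(username: str, attr: str = "uid") -> str:
    """Hardened pattern: the same filter with the value escaped first."""
    return f"({attr}={escape_filter_value(username)})"


def uuid_attribute_is_standard(uuid_ldap_attribute: str) -> bool:
    """True when the configured UUID attribute is one the advisory lists as safe."""
    return uuid_ldap_attribute.strip().lower() in SAFE_UUID_ATTRIBUTES


# --- Toy in-memory filter evaluator (illustration only, not an LDAP server) ---

def _parse(s: str, i: int = 0):
    """Parse '(attr=value)', '(&...)', '(|...)' or '(!...)' starting at s[i]."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, i, subs = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            node, i = _parse(s, i)
            subs.append(node)
        if i >= len(s) or s[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, subs), i + 1
    j = s.index(")", i)            # escaped ')' is '\29', so this is the real close
    attr, _, val = s[i:j].partition("=")
    return ("=", attr.lower(), val), j + 1


def parse_filter(s: str):
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing data after filter")  # a real server rejects this too
    return node


def _value_regex(val: str) -> re.Pattern:
    """Unescaped '*' is a wildcard; '\\xx' hex escapes become literal characters."""
    def unesc(chunk: str) -> str:
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), chunk)
    return re.compile("^" + ".*".join(re.escape(unesc(c)) for c in val.split("*")) + "$", re.S)


def _matches(node, entry: dict) -> bool:
    op = node[0]
    if op == "=":
        _, attr, val = node
        rx = _value_regex(val)
        return any(rx.match(v) for v in entry.get(attr, []))
    subs = node[1]
    if op == "&":
        return all(_matches(n, entry) for n in subs)
    if op == "|":
        return any(_matches(n, entry) for n in subs)
    return not _matches(subs[0], entry)  # '!'


def search(filter_str: str, directory: list) -> list:
    """Return the uids of directory entries matching the filter."""
    node = parse_filter(filter_str)
    return [e["uid"][0] for e in directory if _matches(node, e)]


# Constructed sample directory standing in for the federated LDAP user base.
DIRECTORY = [
    {"uid": ["alice"], "cn": ["Alice"]},
    {"uid": ["bob"], "cn": ["Bob"]},
    {"uid": ["admin"], "cn": ["Administrator"]},
]

if __name__ == "__main__":
    for supplied in ("alice", "*", "a*", "admin)(uid=*"):
        print(f"{supplied!r:16} unsafe -> {search(username_filter_unsafe(supplied), DIRECTORY)}"
              f"   safe -> {search(username_filter_safe(supplied), DIRECTORY)}")
    print("entryUUID standard:", uuid_attribute_is_standard("entryUUID"))
```

With the unsafe builder a supplied username of "*" turns the lookup into a presence filter that matches every entry, which is the "bypass the username lookup" outcome the description refers to; the escaped builder turns the same input into a literal match that finds nothing. The uuid_attribute_is_standard check is the quick audit to run against each LDAP provider's configured attribute before relying on the mitigation.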

Affected packages

Platform                  Package           State     Advisory        Release date
Red Hat Single Sign-On 7  rh-sso7-keycloak  Affected
Red Hat Single Sign-On 7  rh-sso7-keycloak  Fixed     RHSA-2024:0094  2024-01-09
Red Hat Single Sign-On 7  rh-sso7-keycloak  Fixed     RHSA-2024:0095  2024-01-09
Red Hat Single Sign-On 7  rh-sso7-keycloak  Fixed     RHSA-2024:0096  2024-01-09


Additional information

Status: Low
Defect: CWE-20
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2096994 (keycloak: LDAP injection on username input)


Related vulnerabilities

CVSS3: 7.5
nvd
about 1 year ago

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.

CVSS3: 7.5
debian
about 1 year ago

A flaw was found in the Keycloak package. This flaw allows an attacker ...

github
about 2 years ago

Keycloak vulnerable to LDAP Injection on UsernameForm Login
