CVE-2022-2237

Опубликовано: 01 мар. 2023

Источник: redhat

CVSS3: 6.8

EPSS Низкий

Описание

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.

Отчет

CodeReady Studio is no longer supported. Therefore, this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat AMQ Broker 7	keycloak-adapter-core	Not affected
Red Hat build of Quarkus	keycloak-adapter-core	Not affected
Red Hat CodeReady Studio 12	keycloak-adapter-core	Out of support scope
Red Hat Decision Manager 7	keycloak-adapter-core	Not affected
Red Hat Fuse 7	keycloak-adapter-core	Not affected
Red Hat Fuse 7	keycloak-core	Not affected
Red Hat OpenShift Container Platform 3.11	keycloak-adapter-core	Out of support scope
Red Hat Process Automation 7	keycloak-adapter-core	Not affected
Red Hat Satellite 6	keycloak-adapter-core	Not affected
Red Hat Single Sign-On 7	keycloak-js-adapter	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-601

https://bugzilla.redhat.com/show_bug.cgi?id=2097007Adapter: Open redirect vulnerability in checkSSO

EPSS

Процентиль: 30%

0.00113

Низкий

6.8 Medium

CVSS3

Связанные уязвимости

CVE-2022-2237

CVSS3: 6.1

nvd

почти 3 года назад

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.

CVE-2022-2237

CVSS3: 6.1

debian

почти 3 года назад

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an ...

GHSA-59fq-727j-hm3f

CVSS3: 6.1

github

почти 3 года назад

keycloak-connect contains Open redirect vulnerability in the Node.js adapter

EPSS

Процентиль: 30%

0.00113

Низкий

6.8 Medium

CVSS3