CVE-2022-2668

Published: 04 Aug 2022
Source: redhat
CVSS3: 6.4
EPSS: Low

Description

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.

Additional information

Status: Moderate
Defect: CWE-440
https://bugzilla.redhat.com/show_bug.cgi?id=2115392 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

EPSS

Percentile: 64%
0.00473
Low

6.4 Medium

CVSS3

Related vulnerabilities

CVSS3: 7.2
nvd
more than 3 years ago

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled

CVSS3: 7.2
debian
more than 3 years ago

An issue was discovered in Keycloak that allows arbitrary Javascript t ...

CVSS3: 7.2
github
more than 3 years ago

Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
