CVE-2022-1245 - OpenCVE

A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Keycloak

Configuration 1 [-]

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-07-07T23:39:22

Updated: 2022-07-07T23:39:22

Reserved: 2022-04-05T00:00:00

Link: CVE-2022-1245

JSON object: View

NVD Information

Status : Modified

Published: 2022-07-08T00:15:07.937

Modified: 2023-11-07T03:41:50.320

Link: CVE-2022-1245

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "keycloak", "vendor": "n/a", "versions": [{"status": "affected", "version": "keycloak versions prior to 18.0.0"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862->CWE-863", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-07T23:39:22", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-1245", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "keycloak", "version": {"version_data": [{"version_value": "keycloak versions prior to 18.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862->CWE-863"}]}]}, "references": {"reference_data": [{"name": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8", "refsource": "MISC", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1245", "datePublished": "2022-07-07T23:39:22", "dateReserved": "2022-04-05T00:00:00", "dateUpdated": "2022-07-07T23:39:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC308493-1A81-4D85-B568-ECAA9AE15A82", "versionEndExcluding": "18.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services."}, {"lang": "es", "value": "Se ha encontrado un fallo de escalada de privilegios en la funcionalidad token exchange de keycloak. Una falta de autorizaci\u00f3n permite que una aplicaci\u00f3n cliente que tenga un token de acceso v\u00e1lido pueda intercambiar tokens para cualquier cliente de destino pasando el client_id del mismo. Esto podr\u00eda permitir a un cliente conseguir acceso no autorizado a servicios adicionales"}], "id": "CVE-2022-1245", "lastModified": "2023-11-07T03:41:50.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-08T00:15:07.937", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "secalert@redhat.com", "type": "Secondary"}]}