Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in its SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by controlling the AssertionConsumerServiceURL value (SAML) or the redirect_uri parameter (OIDC).
References
| Link | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2151618 | Issue Tracking, Vendor Advisory |
| https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a | Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2023-07-07T19:57:44.567Z
Updated: 2023-07-07T19:57:44.567Z
Reserved: 2022-12-08T11:04:48.560Z
Link: CVE-2022-4361
NVD Information
Status : Analyzed
Published: 2023-07-07T20:15:09.813
Modified: 2023-07-17T17:50:07.437
Link: CVE-2022-4361
Redhat Information
No data.