CVE-2022-4361
high-risk
Published 2023-07-07
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
Do I need to act?
~
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 99774b3f7a776476e7f04e472e13e3915971a6fb, a1cfe6e24e5b34792699a00b8b4a8016a5929e3a
10
CVSS 10.0/10
Critical
NETWORK
/ LOW complexity
Affected Products (9)
Openshift Container Platform For Ibm Linuxone
Openshift Container Platform For Ibm Linuxone
Affected Vendors
References (4)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2151618
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2151618
52
/ 100
high-risk
Severity
33/34 · Critical
Exploitability
4/34 · Minimal
Exposure
15/34 · Moderate