Keycloak Package Vulnerability: LDAP Injection Flaw Discovered

CVE-2022-2232

7.5HIGH

Key Information

Vendor: Red Hat
Status: Red Hat Single Sign-on 7
Vendor: CVE Published:; 14 November 2024

Summary

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 7.5 - (HIGH)
Nov 14, 2024
Vulnerability published.
Nov 14, 2024
Vulnerability Reserved.
Jun 27, 2022
Reported to Red Hat.
Jun 10, 2022

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Konstantin Goldenberg (VHV) for reporting this issue.

.