Description
Red Hat Single Sign-On performs an improper authorization check, allowing users to carry out actions they were never granted permission for. In particular, a user could add users to the master realm even though no corresponding permission had been granted to that user. The SySS advisory SYSS-2021-076 (see References) reports the issue against Red Hat Single Sign-On 7.5.0.GA.
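The following is an added illustration of this bug class, not code from Red Hat Single Sign-On or Keycloak: a hypothetical realm-scoped admin API in which a flawed check only asks whether the caller holds a user-management role somewhere, so a tenant-realm administrator can create accounts in the master realm, beside a fixed check that evaluates the permission against the realm actually being modified. The realm names, usernames, the `manage-users` role name and the `Directory` class are assumptions made for the example.

```python
"""Hypothetical model of realm-scoped admin authorization.

Constructed for this example; it is not Keycloak / Red Hat Single Sign-On
code. Realm names, usernames and role names below are made up.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet

MANAGE_USERS = "manage-users"  # assumed role name for the example


class Forbidden(Exception):
    """Raised when the caller lacks the permission for the target realm."""


@dataclass(frozen=True)
class Caller:
    username: str
    # realm name -> admin role names the caller holds *for that realm*
    realm_roles: Dict[str, FrozenSet[str]]


AuthzCheck = Callable[[Caller, str], bool]


def can_manage_users_flawed(caller: Caller, target_realm: str) -> bool:
    """Flawed check: asks "does the caller hold manage-users anywhere?" and
    ignores which realm the request targets, so a tenant-realm admin passes
    even when target_realm is "master"."""
    return any(MANAGE_USERS in roles for roles in caller.realm_roles.values())


def can_manage_users_fixed(caller: Caller, target_realm: str) -> bool:
    """Fixed check: the permission must be held for the realm being modified."""
    return MANAGE_USERS in caller.realm_roles.get(target_realm, frozenset())


class Directory:
    """Minimal stand-in for the admin API's user store (constructed data)."""

    def __init__(self) -> None:
        self.users: Dict[str, set] = {"master": {"admin"}, "tenant-a": {"alice"}}

    def create_user(self, caller: Caller, target_realm: str, username: str,
                    authz: AuthzCheck = can_manage_users_fixed) -> str:
        if target_realm not in self.users:
            raise KeyError(f"unknown realm {target_realm!r}")
        # Authorization is evaluated against the *target* realm, before any write.
        if not authz(caller, target_realm):
            raise Forbidden(f"{caller.username} may not manage users in {target_realm!r}")
        if username in self.users[target_realm]:
            raise ValueError(f"{username!r} already exists in {target_realm!r}")
        self.users[target_realm].add(username)
        return username


def attempt(authz: AuthzCheck, caller: Caller, target_realm: str, username: str) -> str:
    """Run one create-user attempt on a fresh store and label the outcome."""
    directory = Directory()
    try:
        directory.create_user(caller, target_realm, username, authz=authz)
    except Forbidden:
        return "forbidden"
    return "created" if username in directory.users[target_realm] else "absent"


# A realm admin of tenant-a with no rights in master (constructed caller).
TENANT_ADMIN = Caller("bob", {"tenant-a": frozenset({MANAGE_USERS})})


def outcomes() -> Dict[str, str]:
    """Same caller, same kind of request, under the flawed and fixed checks."""
    return {
        "flawed/master": attempt(can_manage_users_flawed, TENANT_ADMIN, "master", "mallory"),
        "fixed/master": attempt(can_manage_users_fixed, TENANT_ADMIN, "master", "mallory"),
        "fixed/tenant-a": attempt(can_manage_users_fixed, TENANT_ADMIN, "tenant-a", "carol"),
    }


if __name__ == "__main__":
    for case, result in outcomes().items():
        print(f"{case:16} -> {result}")
```

The point of the model is where the check is bound: a permission is only meaningful as a pair (realm, role), and the server must look it up under the realm named in the request, not under whichever realm the caller happens to administer. When verifying a real deployment, an administrator account whose rights are limited to a single non-master realm should be refused (HTTP 403) when it tries to create a user in the master realm through the admin REST API; if the account is accepted, the deployment is affected.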
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=2050228
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076