Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2668

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled

Published

2022-08-05T17:15:08.663

Last Modified

2024-11-21T07:01:28.817

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	keycloak	18.0.0	Yes
Application	redhat	single_sign-on	7.0	Yes

References

https://access.redhat.com/security/cve/CVE-2022-2668 Issue Tracking, Vendor Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2022-2668 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)