Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3782

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.

Published

2023-01-13T06:15:11.187

Last Modified

2025-04-09T14:15:24.100

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Primary
CWE-22
Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	keycloak	20.0.2	Yes

References

https://access.redhat.com/security/cve/CVE-2022-3782 Vendor Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2022-3782 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)