Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4137


A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.


Published

2023-09-25T20:15:09.897

Last Modified

2024-11-21T07:34:38.850

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-81
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application redhat keycloak - Yes
Application redhat single_sign-on 7.6 Yes
Operating System redhat enterprise_linux 7.0 No
Operating System redhat enterprise_linux 8.0 No
Operating System redhat enterprise_linux 9.0 No

References