QwikSec

Security Database

CVE

CWE

Training

CVE-2022-1438

Published: Sep 20, 2023

Modified: Sep 24, 2024

PUBLISHED

CVSS v3.1

6.4

MEDIUM

Description

A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.

Vendor	Product	Versions
Red Hat	Red Hat Single Sign-On 7	All versions
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	unaffected `0:18.0.6-1.redhat_00001.1.el7sso - < *`
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	unaffected `0:18.0.6-1.redhat_00001.1.el8sso - < *`
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	unaffected `0:18.0.6-1.redhat_00001.1.el9sso - < *`
Red Hat	RHEL-8 based Middleware Containers	unaffected `7.6-20 - < *`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2022-1438

vdb-entry

x_refsource_REDHAT

issue-tracking

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.