A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2073157 | Issue Tracking Vendor Advisory |
https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725 | Third Party Advisory |
https://herolab.usd.de/security-advisories/usd-2021-0033/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
22 Dec 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Apr 2023, 01:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat single Sign-on Redhat enterprise Linux For Power Little Endian Eus Redhat keycloak Redhat enterprise Linux For Ibm Z Systems Redhat openshift Container Platform Redhat Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2073157 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725 - Third Party Advisory |
29 Mar 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-29 21:15
Updated : 2023-12-22 16:15
NVD link : CVE-2022-1274
Mitre link : CVE-2022-1274
CVE.ORG link : CVE-2022-1274
JSON object : View
Products Affected
redhat
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux
- enterprise_linux_for_ibm_z_systems_eus
- openshift_container_platform
- keycloak
- single_sign-on
- enterprise_linux_for_power_little_endian