Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2050228 | Issue Tracking Vendor Advisory |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt | Exploit Third Party Advisory |
https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
06 May 2022, 14:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:single_sign-on:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
First Time |
Redhat keycloak
Redhat single Sign-on Redhat |
|
CWE | CWE-863 | |
References | (MISC) https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt - Exploit, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2050228 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076 - Exploit, Third Party Advisory |
26 Apr 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-26 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-1466
Mitre link : CVE-2022-1466
CVE.ORG link : CVE-2022-1466
JSON object : View
Products Affected
redhat
- keycloak
- single_sign-on
CWE
CWE-863
Incorrect Authorization