VDB

CVE-2022-1274

CVE-2022-1274 PUBLISHED CVSS 5.400000095367432 MEDIUM

Reported by redhat · Published March 29, 2023

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
n/akeycloakunknown
n/akeycloakunknown, unknown, unknown
Mavenorg.keycloak:keycloak-core0, 0, 0

Timeline

  • Feb 27, 2023 CVE Published
  • Mar 30, 2023 EPSS Score
  • May 7, 2023 EPSS Score
  • Jun 14, 2023 EPSS Score
  • Jul 23, 2023 EPSS Score
  • Aug 30, 2023 EPSS Score
  • Oct 7, 2023 EPSS Score
  • Nov 14, 2023 EPSS Score
  • Dec 22, 2023 EPSS Score
  • Jan 29, 2024 EPSS Score
  • Mar 8, 2024 EPSS Score
  • Apr 15, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›