CVE-2022-1438 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-1438 PUBLISHED CVSS 4.800000190734863 MEDIUM

Keycloak vulnerable to Cross-site Scripting

EPSS 0.15% · 35.7th percentile

Risk Scores

CVSS v3.1

4.800000190734863

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.15%

35.7th percentile

Affected Products

Vendor	Product	Versions
redhat	keycloak
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	0:18.0.6-1.redhat_00001.1.el7sso
Maven	org.keycloak:keycloak-services	0
Red Hat	RHEL-8 based Middleware Containers	7.6-20
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	0:18.0.6-1.redhat_00001.1.el8sso
Red Hat	Red Hat Single Sign-On 7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	0:18.0.6-1.redhat_00001.1.el9sso

Timeline

Feb 27, 2023 CVE Published
Feb 27, 2023 CVE Updated
Sep 22, 2023 EPSS Score
Oct 24, 2023 EPSS Score
Nov 24, 2023 EPSS Score
Dec 26, 2023 EPSS Score
Jan 26, 2024 EPSS Score
Feb 27, 2024 EPSS Score
Mar 29, 2024 EPSS Score
Apr 30, 2024 EPSS Score
Jul 2, 2024 EPSS Score
Aug 2, 2024 EPSS Score

References

RHSA-2023:1043 vendor-advisory
RHSA-2023:1044 vendor-advisory
RHSA-2023:1045 vendor-advisory
RHSA-2023:1047 vendor-advisory
RHSA-2023:1049 vendor-advisory
https://access.redhat.com/security/cve/CVE-2022-1438 vdb
RHBZ#2031904 issue
https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9 url
https://nvd.nist.gov/vuln/detail/CVE-2022-1438 advisory
https://access.redhat.com/security/cve/cve-2022-1438 url
https://github.com/keycloak/keycloak package
https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045 url

Open in Interactive Console →