CVE-2022-1438 — Vulnetix

CVE-2022-1438 PUBLISHED CVSS 4.800000190734863 MEDIUM

Keycloak vulnerable to Cross-site Scripting

EPSS 0.17% · 37.5th percentile

Risk Scores

CVSS 3.1

4.800000190734863

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.17%

37.5th percentile

Affected Products

Vendor	Product	Versions
redhat	keycloak
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	0:18.0.6-1.redhat_00001.1.el7sso
Maven	org.keycloak:keycloak-services	0
Red Hat	RHEL-8 based Middleware Containers	7.6-20
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	0:18.0.6-1.redhat_00001.1.el8sso
Red Hat	Red Hat Single Sign-On 7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	0:18.0.6-1.redhat_00001.1.el9sso

Exploit Intelligence

RHSA-2023:1043 (circl)
RHSA-2023:1044 (circl)
RHSA-2023:1045 (circl)
RHSA-2023:1047 (circl)
RHSA-2023:1049 (circl)
https://access.redhat.com/security/cve/CVE-2022-1438 (circl)
RHBZ#2031904 (circl)

Timeline

Feb 27, 2023 CVE Published
Feb 27, 2023 CVE Updated
Sep 22, 2023 EPSS Score
Oct 24, 2023 EPSS Score
Nov 25, 2023 EPSS Score
Dec 27, 2023 EPSS Score
Jan 28, 2024 EPSS Score
Mar 1, 2024 EPSS Score
Apr 2, 2024 EPSS Score
May 4, 2024 EPSS Score
Jul 7, 2024 EPSS Score
Aug 8, 2024 EPSS Score

References

RHSA-2023:1043 vendor-advisory
RHSA-2023:1044 vendor-advisory
RHSA-2023:1045 vendor-advisory
RHSA-2023:1047 vendor-advisory
RHSA-2023:1049 vendor-advisory
https://access.redhat.com/security/cve/CVE-2022-1438 vdb
RHBZ#2031904 issue
https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9 url
https://nvd.nist.gov/vuln/detail/CVE-2022-1438 advisory
https://access.redhat.com/security/cve/cve-2022-1438 url
https://github.com/keycloak/keycloak package
https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›