CVE-2022-2668 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-2668 PUBLISHED CVSS 7.199999809265137 HIGH

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled

EPSS 0.47% · 64.5th percentile

Risk Scores

CVSS v3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.47%

64.5th percentile

Affected Products

Vendor	Product	Versions
redhat	single_sign-on	7.0
Maven	org.keycloak:keycloak-parent	0
n/a	keycloak	Keycloak 18
redhat	keycloak	18.0.0

Timeline

Aug 5, 2022 CVE Published
Aug 6, 2022 EPSS Score
Sep 21, 2022 EPSS Score
Nov 5, 2022 EPSS Score
Dec 21, 2022 EPSS Score
Feb 5, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 23, 2023 EPSS Score
May 7, 2023 EPSS Score
Jun 22, 2023 EPSS Score
Aug 7, 2023 EPSS Score
Sep 22, 2023 EPSS Score

References

Open in Interactive Console →