VDB
CVE-2022-3782
CVE-2022-3782
PUBLISHED
CVSS 8.699999809265137 HIGH
Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Der Fehler besteht in Keycloak aufgrund einer unsachgemäßen Validierung von URLs, die in einer Weiterleitung enthalten sind. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er eine bösartige Anfrage konstruiert, um die Validierung zu umgehen und auf andere URLs und potenziell vertrauliche Informationen innerhalb der Domain zuzugreifen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
EPSS 0.17% · 37.9th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.17%
37.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss A-MQ < 7.10.3 | |
| Hitachi | Hitachi Ops Center | |
| Red Hat | Red Hat Enterprise Linux | |
| Open Source | Open Source Keycloak | |
| Red Hat | Red Hat Enterprise Linux Quarkus |
Exploit Intelligence
- shoucheng3/keycloak__keycloak_CVE-2022-3782_20-0-1 (github-poc)
- shoucheng3/keycloak__keycloak_CVE-2022-3782_20-0-1 (github-poc)
- shoucheng3/keycloak__keycloak_CVE-2022-3782_20-0-1 (github-poc)
- shoucheng3/keycloak__keycloak_CVE-2022-3782_20-0-1 (github-poc)
- shoucheng3/keycloak__keycloak_CVE-2022-3782_20-0-1 (github-poc)
- shoucheng3/keycloak__keycloak_CVE-2022-3782_20-0-1 (github-poc)
- shoucheng3/keycloak__keycloak_CVE-2022-3782_20-0-1 (github-poc)
- security_redirect_uri_test.go (github-poc)
- security_redirect_uri_test.go (github-poc)
- security_redirect_uri_test.go (github-poc)
…and 4 more exploits
Timeline
- Dec 13, 2022 CVE Published
- Jan 12, 2023 EPSS Score
- Feb 22, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 4, 2023 EPSS Score
- May 14, 2023 EPSS Score
- Aug 4, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
- Oct 25, 2023 EPSS Score
- Dec 5, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Feb 24, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0200.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0200 advisory
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3782 advisory
- https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q advisory
- https://access.redhat.com/errata/RHSA-2023:1044 advisory
- https://access.redhat.com/errata/RHSA-2023:1045 advisory
- https://access.redhat.com/errata/RHSA-2023:1047 advisory
- https://access.redhat.com/errata/RHSA-2023:1049 advisory
- https://access.redhat.com/errata/RHSA-2023:1043 advisory
- https://access.redhat.com/errata/RHSA-2023:1285 advisory
- https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-116/index.html advisory
- https://access.redhat.com/errata/RHSA-2023:3815 advisory
- https://access.redhat.com/errata/RHSA-2023:3809 advisory
- https://access.redhat.com/errata/RHSA-2023:2135 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0864.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0864 advisory
- https://access.redhat.com/errata/RHSA-2023:3185 advisory
- https://access.redhat.com/errata/RHSA-2023:1855 advisory
- https://access.redhat.com/errata/RHSA-2023:1661 advisory