Lucene search

Keycloak vulnerable to LDAP Injection on UsernameForm Login

🗓️ 29 Nov 2023 21:07:33Reported by GitHub Advisory DatabaseType

Keycloak LDAP Injection Vulnerability

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 17
Circl	CVE-2022-2232	14 Nov 202414:55	–	circl
OSV	GHSA-8HC5-RMGF-QX6P Keycloak vulnerable to LDAP Injection on UsernameForm Login	29 Nov 202321:33	–	osv
OSV	RHSA-2024:0096 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 9	16 Sep 202416:30	–	osv
OSV	RHSA-2024:0094 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 7	16 Sep 202416:29	–	osv
OSV	RHSA-2024:0095 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 8	16 Sep 202416:30	–	osv
Vulnrichment	CVE-2022-2232 Keycloak: ldap injection on username input	14 Nov 202414:51	–	vulnrichment
Veracode	LDAP Injection	30 Nov 202310:30	–	veracode
Cvelist	CVE-2022-2232 Keycloak: ldap injection on username input	14 Nov 202414:51	–	cvelist
NVD	CVE-2022-2232	14 Nov 202415:15	–	nvd
CVE	CVE-2022-2232	14 Nov 202415:15	–	cve

Vulners

Node

org.keycloak keycloak-servicesRange<23.0.1

org.keycloak keycloak-ldap-federationRange<23.0.1

Source	Link
github	www.github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p
github	www.github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde
github	www.github.com/advisories/GHSA-8hc5-rmgf-qx6p

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Nov 2023 21:33Current

6.9Medium risk

Vulners AI Score6.9

CVSS37.5

EPSS0.00217

SSVC

CWE-90