8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
37.1%
A reflected cross-site scripting (XSS) vulnerability was found in the oob
OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page.
access.redhat.com/errata/RHSA-2023:1043
access.redhat.com/errata/RHSA-2023:1044
access.redhat.com/errata/RHSA-2023:1045
access.redhat.com/errata/RHSA-2023:1049
access.redhat.com/security/cve/CVE-2022-4137
bugzilla.redhat.com/show_bug.cgi?id=2148496
github.com/keycloak/keycloak
github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a
github.com/keycloak/keycloak/pull/16774
github.com/keycloak/keycloak/security/advisories/GHSA-9hhc-pj4w-w5rv
nvd.nist.gov/vuln/detail/CVE-2022-4137