Lucene search
K

9 matches found

OSV
OSV
added 2022/07/08 12:15 a.m.17 views

CVE-2022-1245

A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...

9.8CVSS7AI score
Exploits0References1
CVE
CVE
added 2022/07/07 11:39 p.m.243 views

CVE-2022-1245

CVE-2022-1245 affects Keycloak-based Red Hat Single Sign-On (RH SSO) 7.5.x. The flaw enables privilege escalation via the token-exchange feature where a client with a valid access token can exchange tokens for any target client by supplying its client_id, potentially gaining unauthorized access t...

9.8CVSS9.4AI score0.01299EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/07/07 11:39 p.m.42 views

CVE-2022-1245

A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...

9.8AI score0.01299EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/05/04 2:31 p.m.87 views

Moderate: Red Hat Security Advisory: security update for rh-sso-7/sso75-openshift-rhel8 container image

Security updated rh-sso-7/sso75-openshift-rhel8 container image is now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.2AI score0.01299EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/04 1:27 p.m.26 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update on RHEL 7

New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.3AI score0.01299EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/05/04 1:27 p.m.28 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update on RHEL 8

New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.3AI score0.01299EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/05/04 1:6 p.m.46 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.2 security update

A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.3AI score0.01299EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/05/04 12:0 a.m.28 views

RHEL 8 : Red Hat Single Sign-On 7.5.2 security update on RHEL 8 (Moderate) (RHSA-2022:1712)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1712 advisory. Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on...

9.8CVSS8.3AI score0.01299EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2022/04/19 3:57 p.m.34 views

CVE-2022-1245

A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...

9.8CVSS3.9AI score0.01299EPSS
Exploits0References4
Rows per page
Query Builder