Improper authorization in Keycloak

GHSA-f32v-vf79-p29q · CVE-2022-1466

Published Apr 27, 2022 · Modified Nov 8, 2023

Description

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-1466
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2050228
PACKAGE https://github.com/keycloak/keycloak
WEB https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
WEB https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes