Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console

GHSA-wf7g-7h6h-678v · CVE-2022-2668

Published Sep 23, 2022 · Modified Dec 3, 2024

Description

An issue was discovered in Keycloak allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled

References

WEB https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-2668
WEB https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c
WEB https://access.redhat.com/security/cve/CVE-2022-2668
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2115392
PACKAGE https://github.com/keycloak/keycloak

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes