logo

Database

Authentication mechanism absence or evasion In org.keycloak:keycloak-core

Description

Improper authorization in Keycloak Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-14662. NVD-2022-14663. OSV-2022-14664. GCVE-2022-1466

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=20502282. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt3. https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.