Fluid Attacks Database

Description

Keycloak vulnerable to LDAP Injection on UsernameForm Login A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.keycloak:keycloak-services	>=0 <23.0.1	23.0.1
maven	org.keycloak:keycloak-ldap-federation	>=0 <23.0.1	23.0.1

Aliases

1. CVE-2022-22322. NVD-2022-22323. OSV-2022-22324. GHSA-8hc5-rmgf-qx6p5. GCVE-2022-2232

References

1. https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p2. https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.