CVE-2022-2232
Good to know:
Date: June 28, 2022
A flaw was found in the Keycloak package. In versions prior to 22.0.6 and 23.0.1, this flaw allows an attacker to use LDAP injection to bypass the username lookup or potentially perform other malicious actions.
Language: Java
Severity Score
Top Fix
Upgrade Version
Upgrade to version org.keycloak:keycloak-services:22.0.6,23.0.1, org.keycloak:keycloak-ldap-federation:22.0.6,23.0.1
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | NONE |