
CVE-2022-2232
Good to know:


Date: November 14, 2024
A flaw was found in the Keycloak package. Prior to 22.0.6 and 23.0.1, this flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.
Language: Java
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version org.keycloak:keycloak-services:23.0.1;org.keycloak:keycloak-ldap-federation:23.0.1
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |