Home > Vulnerability Database > CVE-2022-2237

Mend Vulnerability Database

CVE-2022-2237

Good to know:

Date: June 28, 2022

keycloak-connect contains Open redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using checkSSO with query param prompt=none. The issue is patched in version 21.0.1.

Language: JS

Severity Score

6.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-2237

Url: https://github.com/keycloak/keycloak-nodejs-connect/commit/190a9470e234bbd9ac5d5de43f5a19aead9a2c21

Url: https://github.com/advisories/GHSA-59fq-727j-hm3f

Url: https://www.mend.io/vulnerability-database/CVE-2022-2237

Severity Score

6.8

Top Fix

Upgrade Version

Upgrade to version keycloak-connect - 21.0.1

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend Vulnerability Database

We found results for “”

CVE-2022-2237

Good to know:

Date: June 28, 2022

Language: JS

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?