CVE-2022-4137 – Keycloak: reflected xss attack
https://notcve.org/view.php?id=CVE-2022-4137
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker. Se encontró una vulnerabilidad reflejada de scross-site scripting (XSS) en el endpoint de OAuth 'oob' debido a un manejo incorrecto de bytes nulos. • https://access.redhat.com/errata/RHSA-2023:1043 https://access.redhat.com/errata/RHSA-2023:1044 https://access.redhat.com/errata/RHSA-2023:1045 https://access.redhat.com/errata/RHSA-2023:1049 https://access.redhat.com/security/cve/CVE-2022-4137 https://bugzilla.redhat.com/show_bug.cgi?id=2148496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-81: Improper Neutralization of Script in an Error Message Web Page •
CVE-2023-4918 – Plaintext storage of user password
https://notcve.org/view.php?id=CVE-2023-4918
A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment. Se encontró una falla en el paquete Keycloak, más específicamente en org.keycloak.userprofile. Cuando un usuario se registra a través del flujo de registro, los campos "contraseña" y "confirmación de contraseña" del formulario aparecerán como atributos de usuario normales. • https://access.redhat.com/security/cve/CVE-2023-4918 https://bugzilla.redhat.com/show_bug.cgi?id=2238588 https://github.com/keycloak/keycloak/security/advisories/GHSA-5q66-v53q-pm35 • CWE-256: Plaintext Storage of a Password CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-0264 – keycloak: user impersonation via stolen uuid code
https://notcve.org/view.php?id=CVE-2023-0264
A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. Se ha encontrado un fallo en la autenticación de usuarios en OpenID Connect de Keycloak, que podría autenticar incorrectamente las solicitudes. Un atacante autenticado que pudiera obtener información de una solicitud de usuario dentro del mismo entorno, podría utilizar esos datos para hacerse pasar por la víctima y generar nuevos tokens de sesión. • https://github.com/twwd/CVE-2023-0264 https://access.redhat.com/security/cve/CVE-2023-0264 https://bugzilla.redhat.com/show_bug.cgi?id=2160585 • CWE-287: Improper Authentication CWE-303: Incorrect Implementation of Authentication Algorithm •
CVE-2023-2422 – Keycloak: oauth client impersonation
https://notcve.org/view.php?id=CVE-2023-2422
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. Se encontró una falla en Keycloak. Un servidor Keycloak configurado para admitir la autenticación mTLS para clientes OAuth/OpenID no verifica correctamente la cadena de certificados del cliente. • https://access.redhat.com/errata/RHSA-2023:3883 https://access.redhat.com/errata/RHSA-2023:3884 https://access.redhat.com/errata/RHSA-2023:3885 https://access.redhat.com/errata/RHSA-2023:3888 https://access.redhat.com/errata/RHSA-2023:3892 https://access.redhat.com/security/cve/CVE-2023-2422 https://bugzilla.redhat.com/show_bug.cgi?id=2191668 • CWE-295: Improper Certificate Validation •
CVE-2022-4361 – RHSSO: XSS due to lax URI scheme validation
https://notcve.org/view.php?id=CVE-2022-4361
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. • https://bugzilla.redhat.com/show_bug.cgi?id=2151618 https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a https://access.redhat.com/security/cve/CVE-2022-4361 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-81: Improper Neutralization of Script in an Error Message Web Page •