CVE-2022-1245 – keycloak: Privilege escalation vulnerability on Token Exchange
https://notcve.org/view.php?id=CVE-2022-1245
A privilege escalation flaw was found in the token exchange feature of Keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services. • https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8 https://access.redhat.com/security/cve/CVE-2022-1245 https://bugzilla.redhat.com/show_bug.cgi?id=2071036 • CWE-639: Authorization Bypass Through User-Controlled Key CWE-862: Missing Authorization •
CVE-2022-1466 – keycloak: Improper authorization for master realm
https://notcve.org/view.php?id=CVE-2022-1466
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. A flaw was found in Keycloak: Red Hat Single Sign-On allowed authenticated users to perform actions outside their permissions. • https://bugzilla.redhat.com/show_bug.cgi?id=2050228 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076 https://access.redhat.com/security/cve/CVE-2022-1466 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVE-2021-20323 – keycloak-services: POST based reflected Cross Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2021-20323
A POST-based reflected Cross-Site Scripting vulnerability has been identified in Keycloak. The clients-registrations endpoint allows execution of JavaScript code on the client side, which makes it vulnerable to a Cross-Site Scripting attack. • https://github.com/ndmalc/CVE-2021-20323 https://github.com/Cappricio-Securities/CVE-2021-20323 https://github.com/cscpwn0sec/CVE-2021-20323 https://bugzilla.redhat.com/show_bug.cgi?id=2013577 https://access.redhat.com/security/cve/CVE-2021-20323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-3827 – keycloak-server-spi-private: ECP SAML binding bypasses authentication flows
https://notcve.org/view.php?id=CVE-2021-3827
A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass MFA by sending a SOAP request containing an AuthnRequest together with an Authorization header carrying the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity. • https://access.redhat.com/security/cve/CVE-2021-3827 https://bugzilla.redhat.com/show_bug.cgi?id=2007512 https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v • CWE-287: Improper Authentication •
CVE-2021-4133 – Keycloak: Incorrect authorization allows unprivileged users to create other users
https://notcve.org/view.php?id=CVE-2021-4133
A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API, even when new user registration is disabled. • https://bugzilla.redhat.com/show_bug.cgi?id=2033602 https://github.com/keycloak/keycloak/issues/9247 https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2021-4133 • CWE-863: Incorrect Authorization •