// For flags

CVE-2022-3916

Keycloak: session takeover with oidc offline refreshtokens

Severity Score

6.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

Se encontró una falla en el alcance offline_access en Keycloak. Este problema afectaría más a los usuarios de ordenadores compartidos (especialmente si las cookies no se borran), debido a la falta de validación de la sesión root y a la reutilización de los identificadores de sesión en las sesiones de autenticación de usuario y root. Esto permite a un atacante resolver una sesión de usuario adjunta a un usuario previamente autenticado; al utilizar el token de actualización, se les emitirá un token para el usuario original.

*Credits: Red Hat would like to thank Peter Flintholm (Trifork) for reporting this issue.
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2022-11-09 CVE Reserved
  • 2022-12-13 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-09-26 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-384: Session Fixation
  • CWE-613: Insufficient Session Expiration
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
Single Sign-on
Search vendor "Redhat" for product "Single Sign-on"
7.6
Search vendor "Redhat" for product "Single Sign-on" and version "7.6"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Safe
Redhat
Search vendor "Redhat"
Single Sign-on
Search vendor "Redhat" for product "Single Sign-on"
7.6
Search vendor "Redhat" for product "Single Sign-on" and version "7.6"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
Single Sign-on
Search vendor "Redhat" for product "Single Sign-on"
7.6
Search vendor "Redhat" for product "Single Sign-on" and version "7.6"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
9.0
Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"
-
Safe
Redhat
Search vendor "Redhat"
Openshift Container Platform
Search vendor "Redhat" for product "Openshift Container Platform"
4.9
Search vendor "Redhat" for product "Openshift Container Platform" and version "4.9"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
Openshift Container Platform
Search vendor "Redhat" for product "Openshift Container Platform"
4.10
Search vendor "Redhat" for product "Openshift Container Platform" and version "4.10"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
Openshift Container Platform For Linuxone
Search vendor "Redhat" for product "Openshift Container Platform For Linuxone"
4.9
Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" and version "4.9"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
Openshift Container Platform For Linuxone
Search vendor "Redhat" for product "Openshift Container Platform For Linuxone"
4.10
Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" and version "4.10"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
Openshift Container Platform For Power
Search vendor "Redhat" for product "Openshift Container Platform For Power"
4.9
Search vendor "Redhat" for product "Openshift Container Platform For Power" and version "4.9"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
Openshift Container Platform For Power
Search vendor "Redhat" for product "Openshift Container Platform For Power"
4.10
Search vendor "Redhat" for product "Openshift Container Platform For Power" and version "4.10"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
Openshift Container Platform Ibm Z Systems
Search vendor "Redhat" for product "Openshift Container Platform Ibm Z Systems"
4.9
Search vendor "Redhat" for product "Openshift Container Platform Ibm Z Systems" and version "4.9"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
Openshift Container Platform Ibm Z Systems
Search vendor "Redhat" for product "Openshift Container Platform Ibm Z Systems"
4.10
Search vendor "Redhat" for product "Openshift Container Platform Ibm Z Systems" and version "4.10"
-
Affected
in Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
Keycloak
Search vendor "Redhat" for product "Keycloak"
< 20.0.2
Search vendor "Redhat" for product "Keycloak" and version " < 20.0.2"
-
Affected
Redhat
Search vendor "Redhat"
Single Sign-on
Search vendor "Redhat" for product "Single Sign-on"
-text-only
Affected