CVE-2022-4137 in Keycloak

Summary

by MITRE • 09/25/2023

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing them to be changed or collected by an attacker.


Reservation: 11/24/2022

Disclosure: 09/25/2023

Moderation: accepted

CPE: ready

EPSS: 0.01149

KEV: no

Activities: very low
