CVE-2022-4361
Improper Neutralization of Script in an Error Message Web Page (CWE-81)
Published: Jun 27, 2023 / Updated: 17mo ago
010
CVSS 6.1EPSS 0.04%Medium
CVE info copied to clipboard
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Timeline
First Article
Feedly found the first article mentioning CVE-2022-4361. See article
Jun 27, 2023 at 3:00 PM / access.redhat.com
Threat Intelligence Report
CVE-2022-4361 is a critical vulnerability that allows users to inject arbitrary JavaScript code into the Web UI, potentially leading to credentials disclosure. This vulnerability has a high CVSS score and is actively being exploited in the wild by threat actors. There are currently no known mitigations, detections, or patches available, and downstream impacts to other third-party vendors or technologies may be significant. See article
Jul 8, 2023 at 6:58 PM
Affected Systems
Redhat/keycloak
+null more
Patches
bugzilla.redhat.com
+null more
Attack Patterns
CAPEC-198: XSS Targeting Error Pages
+null more
Vendor Advisory
[GHSA-3p62-6fjh-3p5h] Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
GitHub Security Advisory: GHSA-3p62-6fjh-3p5h Release Date: 2023-06-28 Update Date: 2023-06-30 Severity: Moderate CVE-2022-4361 Package Information Package: org.keycloak:keycloak-services Affected Versions: Patched Versions: 21.1.2 Description AssertionConsumerServiceURL is a Java implementation for SAML Service Providers (org.keycloak.protocol.saml). Affected versions of this package are vulnerable to Cross-site Scripting (XSS). AssertionConsumerServiceURL allows XSS when sending a crafted SAML XML request.
References
Red Hat Single Sign-On 7.6 for RHEL 8
Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 8 Red Hat Product Security has rated this update as having a security impact of Important.
RHSA-2023:3888: Important: Red Hat Single Sign-On 7.6.4 for OpenShift image security enhancement update
A new image is available for Red Hat Single Sign-On 7.6.4, running on OpenShift Container Platform 3.10 and 3.11, and 4.12.0.Red Hat Product Security has rated this update as having a security impact of This erratum releases a new image for Red Hat Single Sign-On 7.6.4 for
CVE-2022-4361
CWE-81: Improper Neutralization of Script in an Error Message Web Page The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
News
Red Hat Single Sign-On 7.6 for RHEL 8
Important: Red Hat Single Sign-On 7.6.4 security update on RHEL 8 Red Hat Product Security has rated this update as having a security impact of Important.
Vigilance.fr - Keycloak: Cross Site Scripting via SAML / OIDC URI-schemes, analyzed on 28/06/2023
This weakness bulletin impacts software or systems such as Keycloak, Red Hat SSO . Impacted systems: Keycloak, Red Hat SSO .
Vulnerability Summary for the Week of July 3, 2023 | CISA
duxcms — duxcms File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload. 2023-07-06 not yet calculated CVE-2020-21861 MISC duxcms — duxcms Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del. 2023-07-06 not yet calculated CVE-2020-21862 MISC fuel-cms — fuel-cms Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. 2023-07-03 not yet calculated CVE-2020-22151 MISC fuel-cms — fuel-cms Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function. 2023-07-03 not yet calculated CVE-2020-22152 MISC fuel-cms — fuel-cms File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. 2023-07-03 not yet calculated CVE-2020-22153 MISC pdfcrack — pdfcrack An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function. 2023-07-06 not yet calculated CVE-2020-22336 MISC jerryscript_ project — jerryscript An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter. 2023-07-03 not yet calculated CVE-2020-22597 MISC selenium — grid A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page. 2023-07-05 not yet calculated CVE-2020-23452 MISC gnuplot — gnuplot gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().
RHEL 8 : Red Hat Single Sign-On 7.6.4 security update on RHEL 8 (Important) (RHSA-2023:3884)
Considering the environment is correctly set to use Revalidate Client Certificate this flaw is avoidable. This flaw depends on a non-default configuration Revalidate Client Certificate to be enabled and the reverse proxy is not validating the certificate before Keycloak.
CVE-2022-4361
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. (CVSS:0.0) (Last Update:2023-07-08)
See 15 more articles and social media posts