A flaw was found in Keycloak 22.0.5. Errors in the browser client during setup/auth with "Security Key login" (WebAuthn) are written into the form, sent to Keycloak, and logged without escaping, allowing log injection.
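The general defence for this class of flaw is to escape untrusted values before they reach a log line. The following is an added example, not Keycloak's code or its actual fix; the class name, `forLog`, the length cap and the sample error value are assumptions made for illustration.

```java
// Added example, not Keycloak's code. Names and sample data are constructed.
public class LogFieldSanitizer {
    private static final int MAX_LEN = 256; // assumed cap for one logged field

    /** Returns a single-line, unambiguous rendering of an untrusted value. */
    static String forLog(String untrusted) {
        if (untrusted == null) return "<null>";
        StringBuilder out = new StringBuilder();
        int limit = Math.min(untrusted.length(), MAX_LEN);
        for (int i = 0; i < limit; i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '\\': out.append("\\\\"); break; // keeps the escaping reversible
                case '\r': out.append("\\r"); break;
                case '\n': out.append("\\n"); break;
                case '\t': out.append("\\t"); break;
                default:
                    // Remaining control characters, plus the Unicode line and
                    // paragraph separators that some log viewers treat as breaks.
                    if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        if (untrusted.length() > MAX_LEN) out.append("...[truncated]");
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed form value: a client-side error string carrying a forged log line.
        String error = "NotAllowedError\n2024-01-01 00:00:00 INFO  forged entry";

        // Unescaped: the value spans two lines, so the second reads as its own entry.
        System.out.println("WARN  WebAuthn error: " + error);
        // Escaped: the value stays on one line and the line break is visible as \n.
        System.out.println("WARN  WebAuthn error: " + forLog(error));
    }
}
```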
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2024:0799 https://access.redhat.com/errata/RHSA-2024:0799
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2024:0800 https://access.redhat.com/errata/RHSA-2024:0800
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2024:0798 https://access.redhat.com/errata/RHSA-2024:0798
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2024:0801 https://access.redhat.com/errata/RHSA-2024:0801
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2024:0804 https://access.redhat.com/errata/RHSA-2024:0804
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2024:1860 https://access.redhat.com/errata/RHSA-2024:1860
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2024:1861 https://access.redhat.com/errata/RHSA-2024:1861
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2024:1862 https://access.redhat.com/errata/RHSA-2024:1862
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2024:1864 https://access.redhat.com/errata/RHSA-2024:1864
This issue has been addressed in the following products: RHSSO 7.6.8 Via RHSA-2024:1866 https://access.redhat.com/errata/RHSA-2024:1866
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2024:1865 https://access.redhat.com/errata/RHSA-2024:1865
This issue has been addressed in the following products: Red Hat build of Keycloak 22.0.10 Via RHSA-2024:1868 https://access.redhat.com/errata/RHSA-2024:1868
This issue has been addressed in the following products: Red Hat build of Keycloak 22 Via RHSA-2024:1867 https://access.redhat.com/errata/RHSA-2024:1867