Back to bug 2071036
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2022-04-05 19:25:52 UTC | CC | security-response-team | |
| Blocks | 2071057 | |||
| Alias | CVE-2022-1245 | |||
| Summary | EMBARGOED keycloak: Privilege escalation vulnerability on Token Exchange | EMBARGOED CVE-2022-1245 keycloak: Privilege escalation vulnerability on Token Exchange | ||
| Pedro Sampaio | 2022-04-05 19:26:34 UTC | Blocks | 2072214 | |
| Jan Werner | 2022-04-20 13:39:05 UTC | Deadline | 2022-03-23 | |
| Group | security, qe_staff | |||
| Summary | EMBARGOED CVE-2022-1245 keycloak: Privilege escalation vulnerability on Token Exchange | CVE-2022-1245 keycloak: Privilege escalation vulnerability on Token Exchange | ||
| Deadline | 2022-03-23 | |||
| Group | redhat | |||
| Group | redhat | qe_staff, security | ||
| CC | jawerner | |||
| errata-xmlrpc | 2022-05-04 13:06:58 UTC | Group | security, qe_staff | |
| Doc Text | A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services. | |||
| Fixed In Version | keycloak 18.0.0 | |||
| Link ID | Red Hat Product Errata RHSA-2022:1709 | |||
| errata-xmlrpc | 2022-05-04 13:25:11 UTC | Link ID | Red Hat Product Errata RHSA-2022:1712 | |
| errata-xmlrpc | 2022-05-04 13:25:49 UTC | Link ID | Red Hat Product Errata RHSA-2022:1711 | |
| errata-xmlrpc | 2022-05-04 14:31:21 UTC | Link ID | Red Hat Product Errata RHSA-2022:1713 | |
| Product Security DevOps Team | 2022-05-04 19:15:26 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2022-05-04 19:15:26 UTC |