Back to bug 2138971
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Chess Hazlett | 2022-10-31 19:55:33 UTC | CC | security-response-team | |
| Chess Hazlett | 2022-10-31 20:18:08 UTC | Alias | CVE-2022-3782 | |
| | | Summary | EMBARGOED keycloak: path traversal via double URL encoding | EMBARGOED CVE-2022-3782 keycloak: path traversal via double URL encoding |
| Chess Hazlett | 2022-10-31 20:58:19 UTC | Comment | 0 | updated |
| errata-xmlrpc | 2022-12-13 14:00:26 UTC | Deadline | 2022-12-12 | |
| | | Group | security, qe_staff | |
| | | Deadline | 2022-12-12 | |
| | | Summary | EMBARGOED CVE-2022-3782 keycloak: path traversal via double URL encoding | CVE-2022-3782 keycloak: path traversal via double URL encoding |
| | | Link ID | Red Hat Product Errata RHSA-2022:8961 | |
| errata-xmlrpc | 2022-12-13 14:00:43 UTC | Link ID | Red Hat Product Errata RHSA-2022:8962 | |
| errata-xmlrpc | 2022-12-13 14:00:56 UTC | Link ID | Red Hat Product Errata RHSA-2022:8963 | |
| errata-xmlrpc | 2022-12-13 14:05:09 UTC | Link ID | Red Hat Product Errata RHSA-2022:8965 | |
| errata-xmlrpc | 2022-12-13 15:30:32 UTC | Link ID | Red Hat Product Errata RHSA-2022:8964 | |
| Product Security DevOps Team | 2022-12-14 09:48:44 UTC | Resolution | --- | ERRATA |
| | | Status | NEW | CLOSED |
| | | Last Closed | 2022-12-14 09:48:44 UTC | |
| Chess Hazlett | 2023-01-11 16:46:05 UTC | Fixed In Version | keycloak 20.0.2 | |
| Chess Hazlett | 2023-01-11 16:59:09 UTC | Doc Text | Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field. | |
| RaTasha Tillery-Smith | 2023-01-11 19:45:37 UTC | Doc Text | Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field. | A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field. |
| Chess Hazlett | 2023-01-31 21:08:47 UTC | CC | aileenc, alampare, alazarot, anstephe, asoldano, ataylor, avibelli, bbaranow, bgeorges, bmaxwell, brian.stansberry, cdewolf, clement.escoffier, dandread, darran.lofthouse, dhanak, dkreling, dosoudil, emingora, eric.wittmann, fjuma, gjospin, gmalinko, gsmet, hamadhan, ibek, ivassile, iweiss, janstey, jmartisk, jpavlik, jrokos, jross, jwon, kverlaen, lbacciot, lgao, lthon, max.andersen, mnovotny, mokumar, mosmerov, msochure, msvehla, nwallace, pantinor, pdelbell, peholase, pgallagh, pmackay, probinso, rguimara, rjohnson, rkieley, rrajasek, rruss, rstancel, rsvoboda, sbiarozk, sdouglas, smaestri, tom.jenkinson | |
| Grzegorz Grzybek | 2023-02-13 06:37:36 UTC | CC | ggrzybek | |
| Grzegorz Grzybek | 2023-02-13 06:45:19 UTC | CC | mposolda | |
| | | Flags | needinfo?(mposolda) | |
| Marek Novotny | 2023-02-14 09:56:59 UTC | Flags | needinfo?(mposolda) | |
| | | Flags | needinfo?(chazlett) | |
| Chess Hazlett | 2023-02-21 20:39:39 UTC | Flags | needinfo?(chazlett) | needinfo?(pjindal) |
| Paramvir jindal | 2023-02-27 23:59:36 UTC | Flags | needinfo?(pjindal) | |
| errata-xmlrpc | 2023-03-01 21:43:37 UTC | Link ID | Red Hat Product Errata RHSA-2023:1043 | |
| errata-xmlrpc | 2023-03-01 21:46:04 UTC | Link ID | Red Hat Product Errata RHSA-2023:1044 | |
| errata-xmlrpc | 2023-03-01 21:48:32 UTC | Link ID | Red Hat Product Errata RHSA-2023:1045 | |
| errata-xmlrpc | 2023-03-01 21:51:19 UTC | Link ID | Red Hat Product Errata RHSA-2023:1047 | |
| errata-xmlrpc | 2023-03-01 21:59:34 UTC | Link ID | Red Hat Product Errata RHSA-2023:1049 | |
| errata-xmlrpc | 2023-03-16 07:57:12 UTC | Link ID | Red Hat Product Errata RHSA-2023:1285 | |
| errata-xmlrpc | 2023-04-05 13:35:16 UTC | Link ID | Red Hat Product Errata RHSA-2023:1661 | |
| errata-xmlrpc | 2023-04-27 00:48:54 UTC | Link ID | Red Hat Product Errata RHSA-2023:2041 | |
| errata-xmlrpc | 2023-05-04 15:57:21 UTC | Link ID | Red Hat Product Errata RHSA-2023:2135 | |
| errata-xmlrpc | 2023-05-17 13:58:58 UTC | Link ID | Red Hat Product Errata RHSA-2023:3185 | |
| errata-xmlrpc | 2023-06-27 11:29:04 UTC | Link ID | Red Hat Product Errata RHSA-2023:3815 | |