Back to bug 2151618
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2022-12-08 11:05:20 UTC | CC | security-response-team | |
| | | Alias | CVE-2022-4361 | |
| | | Summary | EMBARGOED Keycloak \| RHSSO: XSS in AssertionConsumerServiceURL / redirect_uri does not validate URL-scheme | EMBARGOED CVE-2022-4361 Keycloak \| RHSSO: XSS in AssertionConsumerServiceURL / redirect_uri does not validate URL-scheme |
| Red Hat Bugzilla | 2022-12-31 23:43:15 UTC | CC | aboyko | |
| Paige Jung | 2023-02-27 16:07:30 UTC | Doc Text | This vulnerability allows an attacker to inject malicious code into the SAML request, which can be used to steal user data or perform other malicious activities. | |
| | | Doc Text | This vulnerability allows an attacker to inject malicious code into the SAML request, which can be used to steal user data or perform other malicious activities. | A flaw was found in Keycloak. This issue may allow an attacker to inject malicious code into the SAML request, which can be used to steal user data or perform other malicious activities. |
| errata-xmlrpc | 2023-06-27 18:49:27 UTC | Doc Text | A flaw was found in Keycloak. This issue may allow an attacker to inject malicious code into the SAML request, which can be used to steal user data or perform other malicious activities. | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML provider. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value. |
| | | Doc Text | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML provider. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value. | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. |
| | | Summary | EMBARGOED CVE-2022-4361 Keycloak \| RHSSO: XSS in AssertionConsumerServiceURL / redirect_uri does not validate URL-scheme | EMBARGOED CVE-2022-4361 Keycloak \| RHSSO: XSS due to lax URI scheme validation |
| | | CC | drichtar, rowaters | |
| | | Summary | EMBARGOED CVE-2022-4361 Keycloak \| RHSSO: XSS due to lax URI scheme validation | CVE-2022-4361 Keycloak \| RHSSO: XSS due to lax URI scheme validation |
| | | Group | security, qe_staff | |
| | | Link ID | Red Hat Product Errata RHSA-2023:3885 | |
| errata-xmlrpc | 2023-06-27 18:49:38 UTC | Link ID | Red Hat Product Errata RHSA-2023:3884 | |
| errata-xmlrpc | 2023-06-27 18:49:46 UTC | Link ID | Red Hat Product Errata RHSA-2023:3883 | |
| errata-xmlrpc | 2023-06-27 18:49:53 UTC | Link ID | Red Hat Product Errata RHSA-2023:3888 | |
| errata-xmlrpc | 2023-06-27 18:53:50 UTC | Link ID | Red Hat Product Errata RHSA-2023:3892 | |
| Product Security DevOps Team | 2023-06-27 23:29:54 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2023-06-27 23:29:54 UTC | |