Bug 2148496 (CVE-2022-4137)

Summary: CVE-2022-4137 keycloak: reflected XSS attack
Product: [Other] Security Response Reporter: Patrick Del Bello <pdelbell>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: boliveir, chazlett, pdrozd, pjindal, pskopek, security-response-team, sthorger
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-03-02 01:50:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2138397    

Description Patrick Del Bello 2022-11-25 16:46:55 UTC 
A flaw was found in Keycloak package. This flaw allows an attacker to benefit from Cross-Site Scripting by sending a script via URL. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise the user details, may it be changed or collected by the attacker. An administrator who might be affected may also compromise the server data.
Comment 3 errata-xmlrpc 2023-03-01 21:43:47 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 7

Via RHSA-2023:1043 https://access.redhat.com/errata/RHSA-2023:1043
Comment 4 errata-xmlrpc 2023-03-01 21:46:14 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 8

Via RHSA-2023:1044 https://access.redhat.com/errata/RHSA-2023:1044
Comment 5 errata-xmlrpc 2023-03-01 21:48:40 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 9

Via RHSA-2023:1045 https://access.redhat.com/errata/RHSA-2023:1045
Comment 6 errata-xmlrpc 2023-03-01 21:59:42 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On

Via RHSA-2023:1049 https://access.redhat.com/errata/RHSA-2023:1049
Comment 7 Product Security DevOps Team 2023-03-02 01:49:58 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-4137