CVE-2022-1245
Published: 2022-07-08
Severity: Critical, CVSS 3.1 base score 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge | — | — |
| redhat | keycloak | < 18.0.0 | 18.0.0 |
| redhat | keycloak | — | — |