CVE-2022-1274
published 2023-03-29CVE-2022-1274: A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | < 20.0.5 | 20.0.5 |
| redhat | keycloak | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | single_sign-on | >= 7.6 < 7.6.2 | 7.6.2 |