CVE-2022-2237Open Redirect in Redhat Keycloak

CWE-601Open Redirect5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 49.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat KeycloakRedhat Single Sign-on
Timeline
PublishedMar 27

Description

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5redhat/keycloakunknown

🔴Vulnerability Details

3
CVEList
CVE-2022-2237: A flaw was found in the Keycloak Node2023-03-27
GHSA
keycloak-connect contains Open redirect vulnerability in the Node.js adapter2023-03-02
OSV
keycloak-connect contains Open redirect vulnerability in the Node.js adapter2023-03-02

📋Vendor Advisories

1
Red Hat
Adapter: Open redirect vulnerability in checkSSO2023-03-01