CVE-2022-2668
published 2022-08-05CVE-2022-2668: An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | — | — |
| redhat | keycloak | — | — |
| redhat | single_sign-on | — | — |