Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1tNGZ2LWdtNW0tNDcyNc4AAx5L

Moderate EPSS: 0.00785% (0.72605 Percentile) EPSS:
Permalink JSON

HTML Injection in Keycloak Admin REST API

Affected Packages Affected Versions Fixed Versions
maven:org.keycloak:keycloak-services < 20.0.5 20.0.5
90 Dependent packages
561 Dependent repositories

Affected Version Ranges

All affected versions

5.0.0, 6.0.0, 6.0.1, 7.0.0, 7.0.1, 8.0.0, 8.0.1, 8.0.2, 9.0.0, 9.0.2, 9.0.3, 10.0.0, 10.0.1, 10.0.2, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.0.1, 14.0.0, 15.0.0, 15.0.1, 15.0.2, 15.1.0, 15.1.1, 16.0.0, 16.1.0, 16.1.1, 17.0.0, 17.0.1, 18.0.0, 18.0.1, 18.0.2, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 20.0.4

All unaffected versions

20.0.5, 21.0.0, 21.0.1, 21.0.2, 21.1.0, 21.1.1, 21.1.2, 22.0.0, 22.0.1, 22.0.2, 22.0.3, 22.0.4, 22.0.5, 23.0.0, 23.0.1, 23.0.2, 23.0.3, 23.0.4, 23.0.5, 23.0.6, 23.0.7, 24.0.0, 24.0.1, 24.0.2, 24.0.3, 24.0.4, 24.0.5, 25.0.0, 25.0.1, 25.0.2, 25.0.3, 25.0.4, 25.0.5, 25.0.6, 26.0.0, 26.0.1, 26.0.2, 26.0.3, 26.0.4, 26.0.5, 26.0.6, 26.0.7, 26.0.8, 26.1.0, 26.1.1, 26.1.2, 26.1.3, 26.1.4, 26.1.5, 26.2.0, 26.2.1, 26.2.2, 26.2.3, 26.2.4, 26.2.5, 26.3.0, 26.3.1, 26.3.2

The execute-actions-email endpoint of the Keycloak Admin REST API allows a malicious actor to send emails containing phishing links to Keycloak users.

References:

Identifiers

GHSA-m4fv-gm5m-4725

CVE-2022-1274

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00785

EPSS Percentile: 0.72605

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/keycloak/keycloak

Date and time

Published

over 2 years ago

Updated

over 1 year ago

API

JSON