6.1
CVE-2022-2237
- EPSS 0.09%
- Veröffentlicht 27.03.2023 22:15:11
- Zuletzt bearbeitet 24.02.2025 20:15:31
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Keycloak Node.Js Adapter Version-
Redhat ≫ Single Sign-on Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.218 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.