CVE-2022-1466

Improper authorization in Keycloak in maven/org.keycloak/keycloak-core

Identifiers

CVE-2022-1466, GHSA-f32v-vf79-p29q

Package Slug

maven/org.keycloak/keycloak-core

Vulnerability

Improper authorization in Keycloak

Description

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.

Affected Versions

All versions before 17.0.1

Solution

Upgrade to version 17.0.1 or above.

Last Modified

2022-05-01

source