CVE-2022-2668

Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console in maven/org.keycloak/keycloak-parent

Identifiers

GHSA-wf7g-7h6h-678v, CVE-2022-2668

Package Slug

maven/org.keycloak/keycloak-parent

Vulnerability

Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console

Description

An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.

Affected Versions

All versions before 19.0.2

Solution

Upgrade to version 19.0.2 or above.

Last Modified

2022-09-27
