CVE-2022-1466

Incorrect Authorization in npm/keycloak-connect

Identifiers

CVE-2022-1466

Package Slug

npm/keycloak-connect

Vulnerability

Incorrect Authorization

Description

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.

Affected Versions

All versions before 17.0.1

Solution

Upgrade to version 17.0.1 or above.

Last Modified

2022-05-09

source