CVE-2022-2232: Keycloak vulnerable to LDAP Injection on UsernameForm Login

November 29, 2023

A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.

References

github.com/advisories/GHSA-8hc5-rmgf-qx6p
github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde
github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p

Detect and mitigate CVE-2022-2232 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →