CVE-2022-4137: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
A reflected cross-site scripting (XSS) vulnerability was found in the ‘oob’ OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.
References
Detect and mitigate CVE-2022-4137 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →