CVE-2022-2668: Improper Authorization

August 5, 2022 (updated August 11, 2022)

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled

References

access.redhat.com/security/cve/CVE-2022-2668
nvd.nist.gov/vuln/detail/CVE-2022-2668

Detect and mitigate CVE-2022-2668 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →