CVE-2022-1466: Incorrect Authorization

April 26, 2022 (updated May 6, 2022)

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.

References

bugzilla.redhat.com/show_bug.cgi?id=2050228
nvd.nist.gov/vuln/detail/CVE-2022-1466
www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076

Detect and mitigate CVE-2022-1466 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →