Vulnerability Description
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Keycloak | < 17.0.1 |
| Redhat | Single Sign-On | 7.5.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2050228Issue TrackingVendor Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.tExploitThird Party Advisory
- https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-siExploitThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2050228Issue TrackingVendor Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.tExploitThird Party Advisory
- https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-siExploitThird Party Advisory
FAQ
What is CVE-2022-1466?
CVE-2022-1466 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though...
How severe is CVE-2022-1466?
CVE-2022-1466 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1466?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Keycloak, Redhat Single Sign-On.