Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-2232

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

keycloak: LDAP injection on username input

Mitigation

This flaw requires a misconfiguration of the “UUID LDAP Attribute” values. When they are set to the standard entryUUID, objectGUID or nsuniqueid Keycloak is not vulnerable.

Affected Software List

Name Vendor Version
Red Hat Single Sign-On 7 RedHat rh-sso7-keycloak
Red Hat Single Sign-On 7 RedHat rh-sso7-keycloak
Red Hat Single Sign-On 7 RedHat rh-sso7-keycloak
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use