CVE-2022-2232

High

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or…

redhat·CWE-90·Published 2023-11-29

CVSS

7.5

EPSS

0.01

KEV

Exploits

Vendor statements (3)

cve.orgen

177 chars

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.

OSV.deven

145 chars

A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.

GHSAen

145 chars

A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.

NVDes

196 chars

Se encontró una falla en el paquete Keycloak que permite a un atacante utilizar una inyección LDAP para eludir la búsqueda de nombre de usuario o potencialmente realizar otras acciones maliciosas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N