CVE-2022-2668: Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
References
- access.redhat.com/security/cve/CVE-2022-2668
- bugzilla.redhat.com/show_bug.cgi?id=2115392
- github.com/advisories/GHSA-wf7g-7h6h-678v
- github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c
- github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
- nvd.nist.gov/vuln/detail/CVE-2022-2668
Code Behaviors & Features
Detect and mitigate CVE-2022-2668 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →