CVE-2022-1274

Published Mar 29, 2023

Last updated a year ago

CVSS medium 5.4

Overview

Description: A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
secalert@redhat.com: CWE-80

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C041BC2A-D8E2-4C32-8CD3-CC4C624017E5",
            "versionEndExcluding": "20.0.5"
          },
          {
            "criteria": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "341E6313-20D5-44CB-9719-B20585DC5AD6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A04D1D61-39A9-46A4-9245-0602F8E2B5D5",
            "versionEndExcluding": "7.6.2",
            "versionStartIncluding": "7.6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4AE1552C-9398-4952-AD8C-777DF9587043"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2FD90EA8-3C35-48E1-A3B5-FEB6E3207E62"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81609549-25CE-4C8A-9DE3-170D23704208"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References