{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2022-1970", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-05-29T01:48:08.364Z", "dateReserved": "2022-06-01T00:00:00.000Z", "datePublished": "2023-02-02T14:12:35.042Z", "dateRejected": "2024-05-29T01:48:08.364Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "The originally reported issue in https://github.com/syedsohaibkarim/OpenRedirect-Keycloak18.0.0 is a known misconfiguration, and recommendation already exists in the Keycloak documentation to mitigate the issue: https://www.keycloak.org/docs/latest/server_admin/index.html#open-redirectors."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-29T01:48:08.364Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: The originally reported issue in https://github.com/syedsohaibkarim/OpenRedirect-Keycloak18.0.0 is a known misconfiguration, and recommendation already exists in the Keycloak documentation to mitigate the issue: https://www.keycloak.org/docs/latest/server_admin/index.html#open-redirectors."}], "id": "CVE-2022-1970", "lastModified": "2024-05-29T02:15:14.447", "metrics": {}, "published": "2022-10-19T18:15:12.663", "references": [], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Rejected"}

{"acknowledgement": "Red Hat would like to thank Syed Sohaib Karim for reporting this issue.", "bugzilla": {"description": "keycloak: open redirect in auth endpoint.", "id": "2092434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092434"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "status": "draft"}, "cwe": "CWE-601", "details": ["[REJECTED CVE] An open redirection vulnerability (open redirect) exists in keycloak auth endpoint. URL can be mentioned as the value of redirect_uri query parameter and it successfully redirects to it."], "name": "CVE-2022-1970", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "keycloak", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2022-06-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1970\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1970"], "statement": "This CVE has been rejected as this is a known misconfiguration, addressed via provided docs: https://www.keycloak.org/docs/latest/server_admin/index.html#open-redirectors.\nRed Hat has evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification."}

{}