{}

{}

{}

{"acknowledgement": "Red Hat would like to thank Konstantin Goldenberg (VHV) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:0094", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak", "product_name": "Red Hat Single Sign-On 7", "release_date": "2024-01-09T00:00:00Z"}, {"advisory": "RHSA-2024:0095", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak", "product_name": "Red Hat Single Sign-On 7", "release_date": "2024-01-09T00:00:00Z"}, {"advisory": "RHSA-2024:0096", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak", "product_name": "Red Hat Single Sign-On 7", "release_date": "2024-01-09T00:00:00Z"}], "bugzilla": {"description": "keycloak: LDAP injection on username input", "id": "2096994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096994"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions."], "mitigation": {"lang": "en:us", "value": "This flaw requires a misconfiguration of the \"UUID LDAP Attribute\" values. When they are set to the standard entryUUID, objectGUID or nsuniqueid Keycloak is not vulnerable."}, "name": "CVE-2022-2232", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Affected", "package_name": "keycloak-core", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2023-11-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2232\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2232"], "threat_severity": "Low"}