CVE-2022-3916 - Vulnerability Details

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00226.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Keycloak Openshift Container Platform Openshift Container Platform For Linuxone Openshift Container Platform For Power Openshift Container Platform Ibm Z Systems Red Hat Single Sign On Rhosemc Single Sign-on

Configuration 1 [-]

OR	cpe:2.3:a:redhat:keycloak::::::::
	cpe:2.3:a:redhat:single_sign-on:-::::text-only:::

Configuration 2 [-]

AND

cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 3 [-]

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Single Sign-On 7
keycloak	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2023:1049	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6.1
keycloak	cpe:/a:redhat:red_hat_single_sign_on:7.6.1	RHSA-2022:8965	2022-12-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2022:8961	2022-12-13T00:00:00Z
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2023:1043	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2022:8962	2022-12-13T00:00:00Z
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2023:1044	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2022:8963	2022-12-13T00:00:00Z
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2023:1045	2023-03-01T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-15	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2022:8964	2022-12-13T00:00:00Z
rh-sso-7/sso76-openshift-rhel8:7.6-20	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2023:1047	2023-03-01T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-7575	A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
Github GHSA	GHSA-97g8-xfvw-q4hg	Keycloak vulnerable to session takeover with OIDC offline refreshtokens

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2022:8961
https://access.redhat.com/errata/RHSA-2022:8962
https://access.redhat.com/errata/RHSA-2022:8963
https://access.redhat.com/errata/RHSA-2022:8964
https://access.redhat.com/errata/RHSA-2022:8965
https://access.redhat.com/errata/RHSA-2023:1043
https://access.redhat.com/errata/RHSA-2023:1044
https://access.redhat.com/errata/RHSA-2023:1045
https://access.redhat.com/errata/RHSA-2023:1047
https://access.redhat.com/errata/RHSA-2023:1049
https://access.redhat.com/security/cve/CVE-2022-3916
https://bugzilla.redhat.com/show_bug.cgi?id=2141404
https://nvd.nist.gov/vuln/detail/CVE-2022-3916
https://www.cve.org/CVERecord?id=CVE-2022-3916

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-20T14:28:52.089Z

Updated: 2024-08-03T01:20:58.791Z

Reserved: 2022-11-09T16:12:41.804Z

Link: CVE-2022-3916

Vulnrichment

Updated: 2024-08-03T01:20:58.791Z

NVD

Status : Modified

Published: 2023-09-20T15:15:11.583

Modified: 2024-11-21T07:20:31.480

Link: CVE-2022-3916

Redhat

Severity : Moderate

Publid Date: 2022-11-09T00:00:00Z

Links: CVE-2022-3916 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object