A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
  • Keycloak
  • Openshift Container Platform
  • Openshift Container Platform For Linuxone
  • Openshift Container Platform For Power
  • Openshift Container Platform Ibm Z Systems
  • Red Hat Single Sign On
  • Rhosemc
  • Single Sign-on

Configuration 1 [-]

OR cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*

Configuration 2 [-]

AND
cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Single Sign-On 7
keycloak cpe:/a:redhat:red_hat_single_sign_on:7.6 RHSA-2023:1049 2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6.1
keycloak cpe:/a:redhat:red_hat_single_sign_on:7.6.1 RHSA-2022:8965 2022-12-13T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el7sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 RHSA-2022:8961 2022-12-13T00:00:00Z
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 RHSA-2023:1043 2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el8sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 RHSA-2022:8962 2022-12-13T00:00:00Z
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 RHSA-2023:1044 2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.3-1.redhat_00002.1.el9sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 RHSA-2022:8963 2022-12-13T00:00:00Z
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 RHSA-2023:1045 2023-03-01T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-15 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2022:8964 2022-12-13T00:00:00Z
rh-sso-7/sso76-openshift-rhel8:7.6-20 cpe:/a:redhat:rhosemc:1.0::el8 RHSA-2023:1047 2023-03-01T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2022:8961 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2022:8962 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2022:8963 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2022:8964 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2022:8965 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:1043 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:1044 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:1045 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:1047 cve-icon cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:1049 cve-icon cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2022-3916 cve-icon cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2141404 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-3916 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-3916 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-20T14:28:52.089Z

Updated: 2024-08-03T01:20:58.791Z

Reserved: 2022-11-09T16:12:41.804Z

Link: CVE-2022-3916

cve-icon Vulnrichment

Updated: 2024-08-03T01:20:58.791Z

cve-icon NVD

Status : Modified

Published: 2023-09-20T15:15:11.583

Modified: 2023-11-07T03:51:57.670

Link: CVE-2022-3916

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-11-09T00:00:00Z

Links: CVE-2022-3916 - Bugzilla