CVE-2022-1245
First published: Fri Jul 08 2022(Updated: )
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Keycloak | <18.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-1245?
CVE-2022-1245 is a privilege escalation vulnerability found in the token exchange feature of Keycloak.
How severe is CVE-2022-1245?
CVE-2022-1245 has a severity score of 9.8, which is considered critical.
Which software versions are affected by CVE-2022-1245?
The affected software version is Red Hat Keycloak up to version 18.0.0.
What is the impact of CVE-2022-1245?
The vulnerability allows a client application to gain unauthorized access to arbitrary client accounts.
Is there a fix for CVE-2022-1245?
Patch and upgrade to a fixed version of Red Hat Keycloak to mitigate the vulnerability.
- collector/nvd-index
- vendor/redhat
- canonical/redhat keycloak