CVE-2022-1970
First published: Wed Jun 01 2022(Updated: )
An open redirection vulnerability (open redirect) exists in keycloak auth endpoint. URL can be mentioned as the value of redirect_uri query parameter and it successfully redirects to it. References: <a href="https://github.com/syedsohaibkarim/OpenRedirect-Keycloak18.0.0">https://github.com/syedsohaibkarim/OpenRedirect-Keycloak18.0.0</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Keycloak | =18.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-1970?
CVE-2022-1970 is an open redirect vulnerability found in Keycloak 18.0.0.
What is the severity of CVE-2022-1970?
CVE-2022-1970 has a severity score of 6.1, which is considered high.
How does CVE-2022-1970 impact Keycloak 18.0.0?
CVE-2022-1970 allows attackers to redirect users to malicious websites by manipulating the redirect_uri parameter in the authentication endpoint of Keycloak 18.0.0.
Is there a fix available for CVE-2022-1970?
Yes, a fix for CVE-2022-1970 is available. It is recommended to update to a version of Keycloak that is not affected by the vulnerability.
Where can I find more information about CVE-2022-1970?
You can find more information about CVE-2022-1970 on the MITRE CVE database (https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2022-1970) and the Red Hat Bugzilla page (https://bugzilla.redhat.com/show_bug.cgi?id=2092434).
- collector/redhat-bugzilla
- alias/CVE-2022-1970
- collector/nvd-index
- vendor/redhat
- canonical/redhat keycloak
- version/redhat keycloak/18.0.0