CVE-2022-1245
N/A
N/A
Summary
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | keycloak | keycloak versions prior to 18.0.0 | affected |
Weaknesses
- CWE-862: CWE-862->CWE-863
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.