CVE-2022-1466
N/A
N/A
Summary
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | rhsso | rhsso 7.5.0.GA | affected |
Weaknesses
- CWE-863: CWE-863
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=2050228
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
- https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2050228
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
- https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.