{"containers": {"cna": {"affected": [{"product": "keycloak", "vendor": "n/a", "versions": [{"status": "affected", "version": "keycloak versions prior to 18.0.0"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862->CWE-863", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-07T23:39:22", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-1245", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "keycloak", "version": {"version_data": [{"version_value": "keycloak versions prior to 18.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862->CWE-863"}]}]}, "references": {"reference_data": [{"name": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8", "refsource": "MISC", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:24.704Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1245", "datePublished": "2022-07-07T23:39:22", "dateReserved": "2022-04-05T00:00:00", "dateUpdated": "2024-08-02T23:55:24.704Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC308493-1A81-4D85-B568-ECAA9AE15A82", "versionEndExcluding": "18.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services."}, {"lang": "es", "value": "Se ha encontrado un fallo de escalada de privilegios en la funcionalidad token exchange de keycloak. Una falta de autorizaci\u00f3n permite que una aplicaci\u00f3n cliente que tenga un token de acceso v\u00e1lido pueda intercambiar tokens para cualquier cliente de destino pasando el client_id del mismo. Esto podr\u00eda permitir a un cliente conseguir acceso no autorizado a servicios adicionales"}], "id": "CVE-2022-1245", "lastModified": "2024-11-21T06:40:20.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-08T00:15:07.937", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Johannes Knutsen <johannes@knutsen.me> for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:1709", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "package": "keycloak", "product_name": "Red Hat Single Sign-On 7", "release_date": "2022-05-04T00:00:00Z"}, {"advisory": "RHSA-2022:1711", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7", "package": "rh-sso7-keycloak-0:15.0.6-1.redhat_00002.1.el7sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 7", "release_date": "2022-05-04T00:00:00Z"}, {"advisory": "RHSA-2022:1712", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8", "package": "rh-sso7-keycloak-0:15.0.6-1.redhat_00002.1.el8sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 8", "release_date": "2022-05-04T00:00:00Z"}, {"advisory": "RHSA-2022:1713", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso75-openshift-rhel8:7.5-26", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-05-04T00:00:00Z"}, {"advisory": "RHSA-2022:1713", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso7-rhel8-operator-bundle:7.5.2-8", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2022-05-04T00:00:00Z"}], "bugzilla": {"description": "keycloak: Privilege escalation vulnerability on Token Exchange", "id": "2071036", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071036"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-639", "details": ["A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.", "A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services."], "name": "CVE-2022-1245", "public_date": "2022-04-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1245\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1245\nhttps://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"], "statement": "The token exchange feature is currently in technology preview and is not fully supported. Please see the documentation for more information on this feature: https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/securing_applications_and_services_guide/token-exchange", "threat_severity": "Moderate"}