Description
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.
Remediation
References
https://access.redhat.com/errata/RHSA-2024:0094
https://access.redhat.com/errata/RHSA-2024:0095
https://access.redhat.com/errata/RHSA-2024:0096
https://access.redhat.com/security/cve/CVE-2022-2232
https://bugzilla.redhat.com/show_bug.cgi?id=2096994
Related Vulnerabilities
CVE-2016-10555 Vulnerability in npm package jwt-simple
CVE-2017-7669 Vulnerability in maven package org.apache.hadoop:hadoop-yarn-server-nodemanager
CVE-2013-4366 Vulnerability in maven package org.apache.httpcomponents:httpclient
CVE-2017-12795 Vulnerability in maven package org.openmrs.module:htmlformentry-omod
CVE-2018-1000125 Vulnerability in maven package com.inversoft:prime-jwt