Vulnerability Details CVE-2022-2668
An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.4%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2022-2668
- cpe:2.3:a:redhat:keycloak:18.0.0
- cpe:2.3:a:redhat:single_sign-on:7.0