CVE-2022-1466 - Incorrect Authorization vulnerability in Redhat Keycloak
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Summary
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2050228
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
- https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076