CVE-2022-3782

CRITICAL

Keycloak - Path Traversal via Double URL Encoding

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-3782: a single PoC repository published by shoucheng3.

AI-analyzed exploit summary: The repository contains only GitHub issue templates, workflow files, and configuration files for Keycloak, with no actual exploit code or technical details related to CVE-2022-3782.

Description

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak: the redirect URI supplied in a request is not properly validated before the redirect is issued. As the title indicates, a double URL-encoded redirect target defeats the check, so an attacker can construct a malicious request that bypasses validation and redirects to other URLs within the domain, potentially exposing sensitive information or enabling further attacks. The flaw affects any client that uses a wildcard in the Valid Redirect URIs field; a client whose redirect URIs are all fully specified is not affected by this particular bypass.
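The bug class the description refers to, modelled as an added example written for this page rather than taken from Keycloak's code base: a redirect-URI check that percent-decodes once and then matches a wildcard pattern, beside a canonicalising check that decodes fully and normalizes the path before matching. The allowed pattern, the sample URLs and all function names are assumptions; the exact logic Keycloak used before and after its fix is not on this page.

```python
"""Model of a wildcard "Valid Redirect URIs" check bypassed by double URL
encoding (CWE-22 reached through redirect validation).

Illustrative code written for this page, not Keycloak's implementation.
The pattern and URLs below are constructed examples.
"""
from fnmatch import fnmatchcase
from posixpath import normpath
from urllib.parse import unquote, urlsplit, urlunsplit

# Assumed client configuration: a wildcard entry in "Valid Redirect URIs".
# fnmatch's '*' also matches '/', so it spans path segments, much like a
# trailing wildcard in a redirect-URI allow list.
ALLOWED_PATTERN = "https://app.example.com/oidc/callback/*"


def vulnerable_check(redirect_uri: str) -> bool:
    """Decode once, reject an obvious '..', then wildcard-match.

    A double-encoded dot ('%252e') survives one round of decoding as '%2e',
    so the traversal test never sees '..' and the wildcard match succeeds.
    The browser then follows a Location header whose '%2e%2e' the target
    server normalizes to '..'.
    """
    decoded = unquote(redirect_uri)
    if ".." in urlsplit(decoded).path:
        return False
    return fnmatchcase(decoded, ALLOWED_PATTERN)


def _fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing.

    Inputs still changing after max_rounds are refused: no legitimate
    client needs that many layers, and nesting is the attacker's signature.
    """
    for _ in range(max_rounds):
        nxt = unquote(value)
        if nxt == value:
            return value
        value = nxt
    raise ValueError("too many percent-encoding layers")


def canonical_redirect(redirect_uri: str) -> str:
    """Return the URL the browser will actually land on after every layer
    of encoding is stripped and the path is normalized.

    Raises ValueError when the input cannot be reduced to a trustworthy
    absolute http(s) URL.
    """
    decoded = _fully_decode(redirect_uri)
    parts = urlsplit(decoded)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        raise ValueError("missing or unsupported scheme/host")
    path = normpath(parts.path) if parts.path else "/"
    # normpath drops a trailing slash; keep it so 'callback/' still matches.
    if parts.path.endswith("/") and path != "/":
        path += "/"
    if ".." in path.split("/"):
        raise ValueError("traversal survives normalization")
    return urlunsplit(
        (parts.scheme.lower(), parts.netloc.lower(), path, parts.query, "")
    )


def hardened_check(redirect_uri: str) -> bool:
    """Match the wildcard against the canonical target, not the raw input."""
    try:
        canonical = canonical_redirect(redirect_uri)
    except ValueError:
        return False
    return fnmatchcase(canonical, ALLOWED_PATTERN)


def compare(redirect_uri: str) -> tuple:
    """(accepted by vulnerable check, accepted by hardened check)."""
    return vulnerable_check(redirect_uri), hardened_check(redirect_uri)


if __name__ == "__main__":
    # Constructed sample redirect_uri values, plain and encoded.
    samples = [
        "https://app.example.com/oidc/callback/ok?state=abc",
        "https://app.example.com/oidc/callback/../../admin",
        "https://app.example.com/oidc/callback/%2e%2e/%2e%2e/admin",
        "https://app.example.com/oidc/callback/%252e%252e/%252e%252e/admin",
        "https://evil.example.net/oidc/callback/x",
    ]
    for uri in samples:
        vuln, hard = compare(uri)
        print(f"vulnerable={vuln!s:5} hardened={hard!s:5} {uri}")
```

Only the double-encoded sample is accepted by the single-decode check while being rejected by the canonicalising one; plain and single-encoded `..` are caught by both. The hardened check matches the pattern against the URL the browser will actually reach, which is the property a redirect allow list needs regardless of how the input was encoded.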

Exploits (1)

nomisec STUB
by shoucheng3 · poc
https://github.com/shoucheng3/keycloak__keycloak_CVE-2022-3782_20-0-1

Classification
Stub (90%)
Attack Type
Other
Complexity
N/A
Reliability
N/A
Target: Keycloak
No auth needed
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 9.1
EPSS 0.0017
EPSS Percentile 38.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-22
Status published
Products (2)
org.keycloak/keycloak-parent 0 - 20.0.2 (Maven)
redhat/keycloak 20.0.2
Published Jan 13, 2023
Tracked Since Feb 18, 2026