Description
A log injection flaw was found in Keycloak. A text string supplied through the authentication form when the WebAuthn authentication mode is in use is written to the logs without neutralization (CWE-117), so an unauthenticated client can inject text such as line breaks into log output and forge or corrupt log entries. This issue may have a minor impact on log integrity.
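The following is an added illustration of the flaw class the description names (CWE-117, improper output neutralization for logs); it is not Keycloak code and does not reproduce the specific code path of this CVE. The log line format, the logger name, and the `username` field are assumptions chosen to look like a Keycloak event line; the injected value is constructed here as sample input. The block shows a naive logger that lets a CR/LF inside an untrusted value split one record into two, and two hardened variants: escaping control characters, and emitting one JSON object per line.

```python
import json
import re

# Constructed sample input (not from the page or from Keycloak): a value an
# attacker submits through an authentication form. It embeds CR/LF followed
# by text shaped like a complete success record, so a logger that writes
# the raw value emits a second, forged record.
INJECTED_VALUE = (
    "alice\r\n"
    "2024-04-25 10:00:01 INFO  [org.keycloak.events] "
    "type=LOGIN, username=admin, result=success"
)

# Any ASCII control character (CR, LF, ESC for terminal escapes, ...) is a
# candidate for breaking log structure or the tools that display logs.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Assumed record prefix; the real Keycloak event format is not shown here.
PREFIX = "2024-04-25 10:00:00 WARN  [org.keycloak.events] type=LOGIN_ERROR, "


def log_line_vulnerable(user_value: str) -> str:
    """Naive pattern behind CWE-117: the untrusted value is concatenated
    into the record unchanged, so CR/LF inside it terminate the record."""
    return PREFIX + "username=" + user_value + "\n"


def sanitize(user_value: str) -> str:
    """Escape every control character as \\xNN so the value can neither end
    the current record nor begin a new one. Escaping rather than deleting
    keeps evidence of the attempt visible to an analyst."""
    return CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group(0)), user_value)


def log_line_hardened(user_value: str) -> str:
    """Same free-text format, with the untrusted value neutralized."""
    return PREFIX + "username=" + sanitize(user_value) + "\n"


def log_line_structured(user_value: str) -> str:
    """Stronger fix: one JSON object per line. json.dumps escapes CR, LF
    and quotes, so record boundaries cannot be forged by field contents."""
    record = {
        "ts": "2024-04-25T10:00:00Z",
        "level": "WARN",
        "logger": "org.keycloak.events",
        "type": "LOGIN_ERROR",
        "username": user_value,
    }
    return json.dumps(record) + "\n"


def record_count(log_text: str) -> int:
    """How many records a line-oriented consumer (grep, a SIEM line parser)
    would see in the emitted text."""
    return len(log_text.splitlines())


def contains_control_chars(log_text: str) -> bool:
    """Check for a log emitter or a log-integrity test: a written record
    should carry no control characters other than its trailing newline."""
    return bool(CONTROL_CHARS.search(log_text.rstrip("\n")))


if __name__ == "__main__":
    for name, fn in (("vulnerable", log_line_vulnerable),
                     ("hardened", log_line_hardened),
                     ("structured", log_line_structured)):
        out = fn(INJECTED_VALUE)
        print(f"{name}: {record_count(out)} record(s), "
              f"control chars in body: {contains_control_chars(out)}")
        print(out)
```

Running the block prints two records for the vulnerable logger (the second one being the forged "success" line) and one record for each hardened variant. The structured form is the one to prefer where the log pipeline can consume JSON, because it removes the question of which characters need escaping from every call site.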
References (15)
Scores
CVSS v3
5.3
EPSS
0.0044
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-117
Status
published
Products (18)
org.keycloak/keycloak-services
0 - 22.0.9 (Maven)
Red Hat/Red Hat build of Keycloak 22
22-13
Red Hat/Red Hat build of Keycloak 22
22-16
Red Hat/Red Hat build of Keycloak 22
22.0.10-1
Red Hat/Red Hat build of Keycloak 22.0.10
Red Hat/Red Hat Single Sign-On 7
Red Hat/Red Hat Single Sign-On 7.6 for RHEL 7
0:18.0.12-1.redhat_00001.1.el7sso
Red Hat/Red Hat Single Sign-On 7.6 for RHEL 7
0:18.0.13-1.redhat_00001.1.el7sso
Red Hat/Red Hat Single Sign-On 7.6 for RHEL 8
0:18.0.12-1.redhat_00001.1.el8sso
Red Hat/Red Hat Single Sign-On 7.6 for RHEL 8
0:18.0.13-1.redhat_00001.1.el8sso
... and 8 more
Published
Apr 25, 2024
Tracked Since
Feb 18, 2026