Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2022-1274
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
| Software | From | Fixed in |
|---|---|---|
| redhat / keycloak | - | 20.0.5 |
| redhat / single_sign-on | 7.6 | 7.6.2 |
| redhat / openshift_container_platform | 4.9 | 4.9.x |
| redhat / openshift_container_platform | 4.10 | 4.10.x |
org.keycloak / keycloak-services
|
- | 20.0.5 |
- https://bugzilla.redhat.com/show_bug.cgi?id=2073157
- https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
- https://github.com/keycloak/keycloak/pull/16764
- https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
- https://herolab.usd.de/security-advisories/usd-2021-0033
- https://herolab.usd.de/security-advisories/usd-2021-0033/