Vulnerability Database
296,733
Total vulnerabilities in the database
CVE-2022-1274
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
| Software | From | Fixed in |
|---|---|---|
| redhat / keycloak | - | 20.0.5 |
| redhat / single_sign-on | 7.6 | 7.6.2 |
| redhat / openshift_container_platform | 4.9 | 4.9.x |
| redhat / openshift_container_platform | 4.10 | 4.10.x |
org.keycloak / keycloak-services
|
- | 20.0.5 |
- https://bugzilla.redhat.com/show_bug.cgi?id=2073157
- https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
- https://github.com/keycloak/keycloak/pull/16764
- https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
- https://herolab.usd.de/security-advisories/usd-2021-0033
- https://herolab.usd.de/security-advisories/usd-2021-0033/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime