Vulnerability details: VCID-65b2-56z7-hfan
Vulnerability ID: VCID-65b2-56z7-hfan
Aliases: CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
Summary: Keycloak vulnerable to session takeover with OIDC offline refresh tokens
An issue was discovered in Keycloak when using a client with the `offline_access` scope. Reuse of session ids across root and user authentication sessions, combined with a lack of root session validation, enabled attackers to resolve a user session attached to a different, previously authenticated user. This issue most affects users of shared computers. Suppose a user logs out of their account (without clearing their cookies) in a mobile app or similar client that includes the `offline_access` scope, and another user then authenticates to the same application. In that case the second login shares the same root session id, and when the refresh token is used, a token is issued for the original user.
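The following is an added illustrative model of the mechanism described in the summary; it is not Keycloak's code and not part of the advisory. The `Issuer`, `RefreshToken`, `login`/`logout`/`refresh` functions, the `shared_device_scenario` helper, the `relying_party_refresh` check and the users `alice` and `bob` are all constructed for the example. The toy issuer reuses the session id carried in a stale cookie for the next user's root and user sessions and resolves an offline session purely by that id, which is the abstraction of "reuse of session ids" plus "lack of root session validation" from the text; the hardened mode binds the lookup to the subject that owns the session. The relying-party check at the end is a general OIDC defence in depth that the page does not mention: a client that keeps track of who is logged in can refuse a refreshed token whose `sub` changed.

```python
"""Illustrative model of the offline-refresh-token mix-up described above.

Added example, not Keycloak's code: issuer, session store and token format are
simplified stand-ins. It shows (1) how resolving an offline session purely by a
reused session id hands the second user a token for the first user, (2) the
issuer-side fix of binding the lookup to the owning subject, and (3) a
relying-party check that refuses a refreshed token whose subject changed.
"""
from __future__ import annotations

from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class RefreshToken:
    sid: str  # session id the token is bound to
    sub: str  # subject the token was issued to


class Issuer:
    """Toy OIDC server: root-session cookie plus offline sessions keyed by session id."""

    def __init__(self, bind_session_to_subject: bool) -> None:
        self.bind_session_to_subject = bind_session_to_subject  # False models the flaw
        self.offline_sessions: dict[str, str] = {}  # session id -> owning subject
        self.root_sessions: set[str] = set()  # currently live root sessions

    def login(self, sub: str, root_cookie: str | None) -> tuple[str, RefreshToken]:
        # Modelled flaw: a session id found in a stale cookie is reused verbatim for
        # the new user's root and user sessions instead of being minted fresh.
        sid = root_cookie or secrets.token_hex(16)
        self.root_sessions.add(sid)
        # Offline sessions outlive logout, so the first owner of the id keeps it.
        self.offline_sessions.setdefault(sid, sub)
        return sid, RefreshToken(sid=sid, sub=sub)

    def logout(self, sid: str) -> None:
        # The root session ends; the browser cookie and the offline session remain.
        self.root_sessions.discard(sid)

    def refresh(self, token: RefreshToken) -> dict[str, str]:
        owner = self.offline_sessions.get(token.sid)
        if owner is None:
            raise PermissionError("unknown session")
        if self.bind_session_to_subject and owner != token.sub:
            # Hardened lookup: the offline session must belong to the token's subject.
            raise PermissionError("session does not belong to token subject")
        # Vulnerable path: whoever owns the session id receives the access token.
        return {"sub": owner, "sid": token.sid}


def shared_device_scenario(bind_session_to_subject: bool) -> str | None:
    """Return the subject of the access token bob receives, or None if refused."""
    idp = Issuer(bind_session_to_subject)
    sid_a, _ = idp.login("alice", root_cookie=None)
    idp.logout(sid_a)  # alice logs out but the cookie is not cleared
    _, token_b = idp.login("bob", root_cookie=sid_a)  # bob's login reuses the stale id
    try:
        return idp.refresh(token_b)["sub"]
    except PermissionError:
        return None


def relying_party_refresh(issuer: Issuer, token: RefreshToken, current_user: str) -> dict[str, str]:
    """Client-side defence: reject a refreshed token whose subject is not the logged-in user."""
    access = issuer.refresh(token)
    if access["sub"] != current_user:
        raise PermissionError(f"subject changed on refresh: {current_user!r} -> {access['sub']!r}")
    return access


if __name__ == "__main__":
    print("vulnerable issuer, bob's refresh yields a token for:", shared_device_scenario(False))
    print("hardened issuer, bob's refresh yields a token for:", shared_device_scenario(True))
```

With the vulnerable issuer the scenario returns `alice`, which is the outcome the summary describes; with the hardened issuer the refresh is refused. On the client side, a subject change across a refresh should never happen for a correctly behaving issuer, so logging and rejecting it is both a mitigation on unpatched deployments and a useful detection signal.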
Status: Published
Exploitability: 0.5
Weighted Severity: 6.2
Risk: 3.1
Affected and Fixed Packages Package Details
Weaknesses (7)
System           Score     Found at
cvssv3.1         6.8       https://access.redhat.com/errata/RHSA-2022:8961
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2022:8961
ssvc             Track     https://access.redhat.com/errata/RHSA-2022:8961
cvssv3.1         6.8       https://access.redhat.com/errata/RHSA-2022:8962
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2022:8962
ssvc             Track     https://access.redhat.com/errata/RHSA-2022:8962
cvssv3.1         6.8       https://access.redhat.com/errata/RHSA-2022:8963
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2022:8963
ssvc             Track     https://access.redhat.com/errata/RHSA-2022:8963
cvssv3.1         6.8       https://access.redhat.com/errata/RHSA-2022:8964
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2022:8964
ssvc             Track     https://access.redhat.com/errata/RHSA-2022:8964
cvssv3.1         6.8       https://access.redhat.com/errata/RHSA-2022:8965
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2022:8965
ssvc             Track     https://access.redhat.com/errata/RHSA-2022:8965
cvssv3.1         6.8       https://access.redhat.com/errata/RHSA-2023:1043
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2023:1043
ssvc             Track     https://access.redhat.com/errata/RHSA-2023:1043
cvssv3.1         6.8       https://access.redhat.com/errata/RHSA-2023:1044
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2023:1044
ssvc             Track     https://access.redhat.com/errata/RHSA-2023:1044
cvssv3.1         6.8       https://access.redhat.com/errata/RHSA-2023:1045
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2023:1045
ssvc             Track     https://access.redhat.com/errata/RHSA-2023:1045
cvssv3.1         6.8       https://access.redhat.com/errata/RHSA-2023:1047
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2023:1047
ssvc             Track     https://access.redhat.com/errata/RHSA-2023:1047
cvssv3.1         6.8       https://access.redhat.com/errata/RHSA-2023:1049
generic_textual  MODERATE  https://access.redhat.com/errata/RHSA-2023:1049
ssvc             Track     https://access.redhat.com/errata/RHSA-2023:1049
cvssv3           6.8       https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
cvssv3.1         6.8       https://access.redhat.com/security/cve/CVE-2022-3916
generic_textual  MODERATE  https://access.redhat.com/security/cve/CVE-2022-3916
ssvc             Track     https://access.redhat.com/security/cve/CVE-2022-3916
epss             0.00226   https://api.first.org/data/v1/epss?cve=CVE-2022-3916
cvssv3.1         6.8       https://bugzilla.redhat.com/show_bug.cgi?id=2141404
generic_textual  MODERATE  https://bugzilla.redhat.com/show_bug.cgi?id=2141404
ssvc             Track     https://bugzilla.redhat.com/show_bug.cgi?id=2141404
cvssv3.1_qr      MODERATE  https://github.com/advisories/GHSA-97g8-xfvw-q4hg
cvssv3.1         6.8       https://github.com/keycloak/keycloak
generic_textual  MODERATE  https://github.com/keycloak/keycloak
cvssv3.1         6.8       https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
cvssv3.1_qr      MODERATE  https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
generic_textual  MODERATE  https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
cvssv3.1         6.8       https://nvd.nist.gov/vuln/detail/CVE-2022-3916
generic_textual  MODERATE  https://nvd.nist.gov/vuln/detail/CVE-2022-3916
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2022:8961
https://access.redhat.com/errata/RHSA-2022:8962
https://access.redhat.com/errata/RHSA-2022:8963
https://access.redhat.com/errata/RHSA-2022:8964
https://access.redhat.com/errata/RHSA-2022:8965
https://access.redhat.com/errata/RHSA-2023:1043
https://access.redhat.com/errata/RHSA-2023:1044
https://access.redhat.com/errata/RHSA-2023:1045
https://access.redhat.com/errata/RHSA-2023:1047
https://access.redhat.com/errata/RHSA-2023:1049
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
https://access.redhat.com/security/cve/CVE-2022-3916
https://api.first.org/data/v1/epss?cve=CVE-2022-3916
https://bugzilla.redhat.com/show_bug.cgi?id=2141404
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
https://nvd.nist.gov/vuln/detail/CVE-2022-3916
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:/a:redhat:red_hat_single_sign_on:7.6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
cpe:/a:redhat:red_hat_single_sign_on:7.6.1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
cpe:/a:redhat:rhosemc:1.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
GHSA-97g8-xfvw-q4hg https://github.com/advisories/GHSA-97g8-xfvw-q4hg
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N (base score 6.8)
  Attack Vector (AV): network
  Attack Complexity (AC): high
  Privileges Required (PR): low
  User Interaction (UI): none
  Scope (S): unchanged
  Confidentiality Impact (C): high
  Integrity Impact (I): high
  Availability Impact (A): none
The high attack complexity and low privileges match the scenario in the summary: the attacker needs an account of their own and must authenticate from a client on which a previous user logged out without clearing cookies; the resulting token then carries the original user's identity, hence the high confidentiality and integrity impact.
The same vector is reported by every source below:
  https://access.redhat.com/errata/RHSA-2022:8961
  https://access.redhat.com/errata/RHSA-2022:8962
  https://access.redhat.com/errata/RHSA-2022:8963
  https://access.redhat.com/errata/RHSA-2022:8964
  https://access.redhat.com/errata/RHSA-2022:8965
  https://access.redhat.com/errata/RHSA-2023:1043
  https://access.redhat.com/errata/RHSA-2023:1044
  https://access.redhat.com/errata/RHSA-2023:1045
  https://access.redhat.com/errata/RHSA-2023:1047
  https://access.redhat.com/errata/RHSA-2023:1049
  https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
  https://access.redhat.com/security/cve/CVE-2022-3916
  https://bugzilla.redhat.com/show_bug.cgi?id=2141404
  https://github.com/keycloak/keycloak
  https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
  https://nvd.nist.gov/vuln/detail/CVE-2022-3916

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
  Exploitation (E): none
  Automatable (A): no
  Technical Impact (T): total
  Decision (D): Track
The same SSVC vector is reported by every source below:
  https://access.redhat.com/errata/RHSA-2022:8961
  https://access.redhat.com/errata/RHSA-2022:8962
  https://access.redhat.com/errata/RHSA-2022:8963
  https://access.redhat.com/errata/RHSA-2022:8964
  https://access.redhat.com/errata/RHSA-2022:8965
  https://access.redhat.com/errata/RHSA-2023:1043
  https://access.redhat.com/errata/RHSA-2023:1044
  https://access.redhat.com/errata/RHSA-2023:1045
  https://access.redhat.com/errata/RHSA-2023:1047
  https://access.redhat.com/errata/RHSA-2023:1049
  https://access.redhat.com/security/cve/CVE-2022-3916
  https://bugzilla.redhat.com/show_bug.cgi?id=2141404
Exploit Prediction Scoring System (EPSS)
  Percentile: 0.45454
  EPSS Score: 0.00226
  Published At: July 30, 2025, 12:55 p.m.
Date | Actor | Action | Source | VulnerableCode Version
2025-07-31T09:01:27.989501+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-97g8-xfvw-q4hg/GHSA-97g8-xfvw-q4hg.json | 37.0.0