VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-bnfj-v32k-gkc9

Essentials
Severities (36)
References (16)
Severity details (17)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-bnfj-v32k-gkc9
Aliases	CVE-2022-2232 GHSA-8hc5-rmgf-qx6p
Summary	Keycloak vulnerable to LDAP Injection on UsernameForm Login A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-90	Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-20	Improper Input Validation

System	Score	Found at
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:0094
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0094
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:0095
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0095
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2024:0096
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0096
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json
cvssv3.1	7.5	https://access.redhat.com/security/cve/CVE-2022-2232
ssvc	Track	https://access.redhat.com/security/cve/CVE-2022-2232
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2022-2232
cvssv3.1	7.5	https://bugzilla.redhat.com/show_bug.cgi?id=2096994
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2096994
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-8hc5-rmgf-qx6p
generic_textual	LOW	https://github.com/keycloak/keycloak
generic_textual	LOW	https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde
cvssv3.1_qr	LOW	https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p
generic_textual	LOW	https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-2232

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2024:0094
		https://access.redhat.com/errata/RHSA-2024:0095
		https://access.redhat.com/errata/RHSA-2024:0096
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-2232
		https://github.com/keycloak/keycloak
		https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde
		https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p
cpe:/a:redhat:red_hat_single_sign_on:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
CVE-2022-2232		https://access.redhat.com/security/cve/CVE-2022-2232
CVE-2022-2232		https://nvd.nist.gov/vuln/detail/CVE-2022-2232
GHSA-8hc5-rmgf-qx6p		https://github.com/advisories/GHSA-8hc5-rmgf-qx6p
show_bug.cgi?id=2096994		https://bugzilla.redhat.com/show_bug.cgi?id=2096994

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:0094

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/ Found at https://access.redhat.com/errata/RHSA-2024:0094

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:0095

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/ Found at https://access.redhat.com/errata/RHSA-2024:0095

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:0096

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/ Found at https://access.redhat.com/errata/RHSA-2024:0096

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2022-2232

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/ Found at https://access.redhat.com/security/cve/CVE-2022-2232

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2096994

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2096994

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2232

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.41944
EPSS Score	0.00196
Published At	July 31, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:44:22.185244+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-8hc5-rmgf-qx6p/GHSA-8hc5-rmgf-qx6p.json	37.0.0