Vulnerability details: VCID-sjz1-u3j6-aaas
Vulnerability ID VCID-sjz1-u3j6-aaas
Aliases CVE-2022-4137
GHSA-9hhc-pj4w-w5rv
GMS-2023-616
Summary Keycloak Cross-site Scripting on OpenID connect login service
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2023:1043
generic_textual HIGH https://access.redhat.com/errata/RHSA-2023:1043
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2023:1044
generic_textual HIGH https://access.redhat.com/errata/RHSA-2023:1044
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2023:1045
generic_textual HIGH https://access.redhat.com/errata/RHSA-2023:1045
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2023:1049
generic_textual HIGH https://access.redhat.com/errata/RHSA-2023:1049
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4137.json
cvssv3.1 8.1 https://access.redhat.com/security/cve/CVE-2022-4137
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2022-4137
epss 0.00134 https://api.first.org/data/v1/epss?cve=CVE-2022-4137
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2022-4137
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2022-4137
epss 0.00194 https://api.first.org/data/v1/epss?cve=CVE-2022-4137
epss 0.00393 https://api.first.org/data/v1/epss?cve=CVE-2022-4137
epss 0.00487 https://api.first.org/data/v1/epss?cve=CVE-2022-4137
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-9hhc-pj4w-w5rv
cvssv3.1 6.8 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
cvssv3.1 8.1 https://github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a
generic_textual HIGH https://github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a
cvssv3.1 8.1 https://github.com/keycloak/keycloak/pull/16774
generic_textual HIGH https://github.com/keycloak/keycloak/pull/16774
cvssv3.1_qr HIGH https://github.com/keycloak/keycloak/security/advisories/GHSA-9hhc-pj4w-w5rv
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-4137
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-4137
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:1043
Attack Vector: network; Attack Complexity: low; Privileges Required: none; User Interaction: required; Scope: unchanged; Confidentiality Impact: high; Integrity Impact: high; Availability Impact: none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:1044
Attack Vector: network; Attack Complexity: low; Privileges Required: none; User Interaction: required; Scope: unchanged; Confidentiality Impact: high; Integrity Impact: high; Availability Impact: none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:1045
Attack Vector: network; Attack Complexity: low; Privileges Required: none; User Interaction: required; Scope: unchanged; Confidentiality Impact: high; Integrity Impact: high; Availability Impact: none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2023:1049
Attack Vector: network; Attack Complexity: low; Privileges Required: none; User Interaction: required; Scope: unchanged; Confidentiality Impact: high; Integrity Impact: high; Availability Impact: none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4137.json
Attack Vector: network; Attack Complexity: low; Privileges Required: none; User Interaction: required; Scope: unchanged; Confidentiality Impact: high; Integrity Impact: high; Availability Impact: none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/security/cve/CVE-2022-4137
Attack Vector: network; Attack Complexity: low; Privileges Required: none; User Interaction: required; Scope: unchanged; Confidentiality Impact: high; Integrity Impact: high; Availability Impact: none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak
Attack Vector: network; Attack Complexity: high; Privileges Required: none; User Interaction: required; Scope: unchanged; Confidentiality Impact: high; Integrity Impact: high; Availability Impact: none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a
Attack Vector: network; Attack Complexity: low; Privileges Required: none; User Interaction: required; Scope: unchanged; Confidentiality Impact: high; Integrity Impact: high; Availability Impact: none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak/pull/16774
Attack Vector: network; Attack Complexity: low; Privileges Required: none; User Interaction: required; Scope: unchanged; Confidentiality Impact: high; Integrity Impact: high; Availability Impact: none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-4137
Attack Vector: network; Attack Complexity: low; Privileges Required: none; User Interaction: required; Scope: changed; Confidentiality Impact: low; Integrity Impact: low; Availability Impact: none

Exploit Prediction Scoring System (EPSS)
Percentile 0.49201
EPSS Score 0.00134
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.