Search for vulnerabilities
Vulnerability details: VCID-xkq6-s5da-yub7
Vulnerability ID VCID-xkq6-s5da-yub7
Aliases CVE-2022-1438
GHSA-w354-2f3c-qvg9
GMS-2023-529
Summary Keycloak vulnerable to Cross-site Scripting A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability. ## Details This issue is the result of code found in the exception here: [https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045](https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045) ## Steps to reproduce When using the legacy admin console: 1. Sign in as Admin user in first tab. 2. In that tab create new user in keycloak admin section > intercept user creation request and modify it by including malicious js script there (in username field). 3. Sign in as newly created user in second tab (same browser window but second tab). 4. Navigate back to first tab where you are signed in as admin, navigate to admin console which lists all application users. 5. Choose any user (except newly created malicious one) – modify anything for that user in his settings. E.g. navigate to credentials tab and set new credentials for him. Also set new password as temporary. 6. After update for that user is made, use impersonate option on that modified user. 7. You should see window with form which requires providing new credentials – fill it and submit request. 8. Just after submiting request user will get notified that “You are already authenticated as different user ‘[user + payload]’ in this session. Please sign out first.” And malicious payload will be executed instantly.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.4 https://access.redhat.com/errata/RHSA-2023:1043
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2023:1043
ssvc Track https://access.redhat.com/errata/RHSA-2023:1043
cvssv3.1 6.4 https://access.redhat.com/errata/RHSA-2023:1044
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2023:1044
ssvc Track https://access.redhat.com/errata/RHSA-2023:1044
cvssv3.1 6.4 https://access.redhat.com/errata/RHSA-2023:1045
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2023:1045
ssvc Track https://access.redhat.com/errata/RHSA-2023:1045
cvssv3.1 6.4 https://access.redhat.com/errata/RHSA-2023:1047
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2023:1047
ssvc Track https://access.redhat.com/errata/RHSA-2023:1047
cvssv3.1 6.4 https://access.redhat.com/errata/RHSA-2023:1049
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2023:1049
ssvc Track https://access.redhat.com/errata/RHSA-2023:1049
cvssv3 6.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1438.json
cvssv3.1 6.4 https://access.redhat.com/security/cve/cve-2022-1438
generic_textual MODERATE https://access.redhat.com/security/cve/cve-2022-1438
cvssv3.1 6.4 https://access.redhat.com/security/cve/CVE-2022-1438
ssvc Track https://access.redhat.com/security/cve/CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2022-1438
cvssv3.1 6.4 https://bugzilla.redhat.com/show_bug.cgi?id=2031904
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2031904
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2031904
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-w354-2f3c-qvg9
cvssv3.1 6.4 https://github.com/keycloak/keycloak
generic_textual MODERATE https://github.com/keycloak/keycloak
cvssv3.1 6.4 https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045
generic_textual MODERATE https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045
cvssv3.1 6.4 https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9
cvssv3.1_qr MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9
generic_textual MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9
cvssv3.1 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1438
cvssv3.1 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1438
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-1438
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2023:1043
https://access.redhat.com/errata/RHSA-2023:1044
https://access.redhat.com/errata/RHSA-2023:1045
https://access.redhat.com/errata/RHSA-2023:1047
https://access.redhat.com/errata/RHSA-2023:1049
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1438.json
https://access.redhat.com/security/cve/cve-2022-1438
https://api.first.org/data/v1/epss?cve=CVE-2022-1438
https://bugzilla.redhat.com/show_bug.cgi?id=2031904
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045
https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9
https://nvd.nist.gov/vuln/detail/CVE-2022-1438
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
cpe:/a:redhat:red_hat_single_sign_on:7.6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
cpe:/a:redhat:rhosemc:1.0::el8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
CVE-2022-1438 https://access.redhat.com/security/cve/CVE-2022-1438
GHSA-w354-2f3c-qvg9 https://github.com/advisories/GHSA-w354-2f3c-qvg9
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2023:1043
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/ Found at https://access.redhat.com/errata/RHSA-2023:1043
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2023:1044
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/ Found at https://access.redhat.com/errata/RHSA-2023:1044
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2023:1045
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/ Found at https://access.redhat.com/errata/RHSA-2023:1045
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2023:1047
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/ Found at https://access.redhat.com/errata/RHSA-2023:1047
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2023:1049
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/ Found at https://access.redhat.com/errata/RHSA-2023:1049
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1438.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/cve-2022-1438
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2022-1438
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/ Found at https://access.redhat.com/security/cve/CVE-2022-1438
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2031904
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2031904
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/keycloak/keycloak
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1438
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1438
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.36624
EPSS Score 0.00152
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:43:52.621678+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-w354-2f3c-qvg9/GHSA-w354-2f3c-qvg9.json 37.0.0