GHSA-q2gp-gph3-88x9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q2gp-gph3-88x9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-q2gp-gph3-88x9/GHSA-q2gp-gph3-88x9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q2gp-gph3-88x9
- Withdrawn
- 2022-09-23T16:30:52Z
- Published
- 2022-08-06T00:00:42Z
- Modified
- 2024-12-05T05:42:25.918810Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled
- Details
-
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references.
Original Description
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.
- Database specific
{ "cwe_ids": [], "github_reviewed": true, "nvd_published_at": "2022-08-05T17:15:00Z", "severity": "HIGH", "github_reviewed_at": "2022-08-18T18:53:18Z" }- References
Affected packages
Maven / org.keycloak:keycloak-saml-core
Package
- Name
- org.keycloak:keycloak-saml-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.keycloak/keycloak-saml-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected19.0.1
Affected versions
1.*
1.1.0.Beta1
1.1.0.Beta2
1.1.0.Final
1.1.1.Final
1.2.0.Beta1
1.2.0.CR1
1.2.0.Final
1.3.0.Final
1.3.1.Final
1.4.0.Final
1.5.0-Final
1.5.0.Final
1.5.1.Final
1.6.0.Final
1.6.1.Final
1.7.0.CR1
1.7.0.Final
1.8.0.Alpha1
1.8.0.CR1
1.8.0.CR2
1.8.0.CR3
1.8.0.Final
1.8.1.Final
1.9.0.CR1
1.9.0.Final
1.9.1.Final
1.9.2.Final
1.9.3.Final
1.9.4.Final
1.9.5.Final
1.9.7.Final
1.9.8.Final
2.*
2.0.0.CR1
2.0.0.Final
2.1.0.CR1
2.1.0.Final
2.2.0.CR1
2.2.0.Final
2.2.1.Final
2.3.0.CR1
2.3.0.Final
2.4.0.CR1
2.4.0.Final
2.5.0.CR1
2.5.0.Final
2.5.1.Final
2.5.4.Final
2.5.5.Final
3.*
3.0.0.CR1
3.0.0.Final
3.1.0.CR1
3.1.0.Final
3.2.0.CR1
3.2.0.Final
3.2.1.Final
3.3.0.CR1
3.3.0.CR2
3.3.0.Final
3.4.0.CR1
3.4.0.Final
3.4.1.CR1
3.4.1.Final
3.4.2.Final
3.4.3.Final
4.*
4.0.0.Beta1
4.0.0.Beta2
4.0.0.Beta3
4.0.0.Final
4.1.0.Final
4.2.0.Final
4.2.1.Final
4.3.0.Final
4.4.0.Final
4.5.0.Final
4.6.0.Final
4.7.0.Final
4.8.0.Final
4.8.1.Final
4.8.2.Final
4.8.3.Final
5.*
5.0.0
6.*
6.0.0
6.0.1
7.*
7.0.0
7.0.1
8.*
8.0.0
8.0.1
8.0.2
9.*
9.0.0
9.0.2
9.0.3
10.*
10.0.0
10.0.1
10.0.2
11.*
11.0.0
11.0.1
11.0.2
11.0.3
12.*
12.0.0
12.0.1
12.0.2
12.0.3
12.0.4
13.*
13.0.0
13.0.1
14.*
14.0.0
15.*
15.0.0
15.0.1
15.0.2
15.1.0
15.1.1
16.*
16.0.0
16.1.0
16.1.1
17.*
17.0.0
17.0.1
18.*
18.0.0
18.0.1
18.0.2
19.*
19.0.0
19.0.1