Medium severity6.4NVD Advisory· Published Sep 20, 2023· Updated Jun 17, 2026
CVE-2022-1438
CVE-2022-1438
Description
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.keycloak:keycloak-servicesMaven | <= 21.0.0 | — |
Affected products
6cpe:/a:redhat:red_hat_single_sign_on:7.6+ 3 more
- cpe:/a:redhat:red_hat_single_sign_on:7.6
- cpe:/a:redhat:red_hat_single_sign_on:7.6::el7range: 0:18.0.6-1.redhat_00001.1.el7sso
- cpe:/a:redhat:red_hat_single_sign_on:7.6::el8range: 0:18.0.6-1.redhat_00001.1.el8sso
- cpe:/a:redhat:red_hat_single_sign_on:7.6::el9range: 0:18.0.6-1.redhat_00001.1.el9sso
- Red Hat/RHEL-8 based Middleware Containersv5cpe:/a:redhat:rhosemc:1.0::el8Range: 7.6-20
Patches
Vulnerability mechanics
References
12- access.redhat.com/errata/RHSA-2023:1043nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:1044nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:1045nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:1047nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:1049nvdVendor AdvisoryWEB
- access.redhat.com/security/cve/CVE-2022-1438nvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-w354-2f3c-qvg9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-1438ghsaADVISORY
- access.redhat.com/security/cve/cve-2022-1438ghsaWEB
- github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.javaghsaWEB
- github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9ghsaWEB
News mentions
0No linked articles in our index yet.