Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
NA

CVE-2022-3916

Published: 20/09/2023 Updated: 07/11/2023
CVSS v3 Base Score: 6.8 | Impact Score: 5.2 | Exploitability Score: 1.6
VMScore: 0

Vulnerability Summary

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an malicious user to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat single sign-on -

redhat keycloak

redhat single sign-on 7.6

redhat openshift container platform 4.9

redhat openshift container platform 4.10

redhat openshift container platform for linuxone 4.9

redhat openshift container platform for linuxone 4.10

redhat openshift container platform for power 4.9

redhat openshift container platform for power 4.10

redhat openshift container platform ibm z systems 4.9

redhat openshift container platform ibm z systems 4.10

Vendor Advisories

Red Hat:
Description<!---->A flaw was found in the offline_access scope in Keycloak This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions This enables an attacker to resolve a user session attached t ...
Red Hat: Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
Synopsis Important: Red Hat Single Sign-On 761 security update on RHEL 9 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 761 packages are now available for Red Hat Enterprise Linux 9Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
Synopsis Important: Red Hat Single Sign-On 761 security update on RHEL 8 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 761 packages are now available for Red Hat Enterprise Linux 8Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
Synopsis Important: Red Hat Single Sign-On 761 security update on RHEL 7 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 761 packages are now available for Red Hat Enterprise Linux 7Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.1 security update
Synopsis Important: Red Hat Single Sign-On 761 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Single Sign-On 76 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images
Synopsis Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images Type/Severity Security Advisory: Important Topic Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware ContainersRed Hat Product Security has rated this u ...
Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8
概述 Important: Red Hat Single Sign-On 762 security update on RHEL 8 类型/严重性 Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems 标题 New Red Hat Single Sign-On 762 packages are now available for Red Hat Enterprise Linux 8Red H ...
Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9
Synopsis Important: Red Hat Single Sign-On 762 security update on RHEL 9 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 762 packages are now available for Red Hat Enterprise Linux 9Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7
Synopsis Important: Red Hat Single Sign-On 762 security update on RHEL 7 Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic New Red Hat Single Sign-On 762 packages are now available for Red Hat Enterprise Linux 7Red Hat ...
Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update
Synopsis Important: Red Hat Single Sign-On 762 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 76 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update
Synopsis Important: Red Hat Single Sign-On 762 for OpenShift image security and enhancement update Type/Severity Security Advisory: Important Topic A new image is available for Red Hat Single Sign-On 762, running on RedHat OpenShift Container Platform from the release of 311 up to the releaseof 4120Red Hat Product Security has rated t ...

References

CWE-613https://access.redhat.com/security/cve/CVE-2022-3916https://access.redhat.com/errata/RHSA-2022:8961https://access.redhat.com/errata/RHSA-2023:1043https://access.redhat.com/errata/RHSA-2023:1044https://access.redhat.com/errata/RHSA-2022:8963https://access.redhat.com/errata/RHSA-2022:8962https://access.redhat.com/errata/RHSA-2022:8965https://access.redhat.com/errata/RHSA-2023:1047https://access.redhat.com/errata/RHSA-2022:8964https://access.redhat.com/errata/RHSA-2023:1045https://bugzilla.redhat.com/show_bug.cgi?id=2141404https://access.redhat.com/errata/RHSA-2023:1049https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2022-3916https://access.redhat.com/errata/RHSA-2022:8963
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834CVE-2024-30100CVE-2024-4577physicaldosCVE-2024-30099CVE-2024-27801CVE-2024-32146logic flaw
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook