CVE-2022-2232
Keycloak vulnerable to LDAP Injection on UsernameForm Login
EPSS 0.11%
Description
A flaw was found in the Keycloak package. Input supplied on the username login form is placed into an LDAP query without adequate escaping, which allows an attacker to alter that LDAP query and discover existing usernames on the server.
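The defect class behind this advisory is an LDAP search filter assembled from raw user input. The following is an added illustration, not Keycloak code and not the patched logic from the 23.0.1 release: it shows the vulnerable concatenation pattern next to a hardened version that applies RFC 4515 escaping to the username, plus a check a reviewer can run over a rendered filter to confirm it is still a single exact-match assertion. The attribute name `uid` and the sample usernames are constructed for the example.

```python
"""RFC 4515 escaping for values interpolated into LDAP search filters (added example)."""

# Characters with structural meaning inside an LDAP filter (RFC 4515 section 3).
# Each is rendered as a backslash followed by its two-digit hex code.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it is matched literally by the directory."""
    # Backslash is in the table, so a single pass is safe: every input character
    # is looked up once and the produced escapes are never re-scanned.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter_unsafe(username: str, attr: str = "uid") -> str:
    """Vulnerable pattern: raw form input concatenated into the filter."""
    return f"({attr}={username})"


def build_user_filter(username: str, attr: str = "uid") -> str:
    """Hardened form: the value is escaped, so metacharacters become literals."""
    return f"({attr}={escape_filter_value(username)})"


def is_single_exact_match(filter_str: str, attr: str = "uid") -> bool:
    """Defensive check for a rendered filter: it must be exactly one equality
    assertion on `attr`, with no unescaped wildcard or nested parenthesis and
    only well-formed backslash-hex escape sequences in the value."""
    prefix = f"({attr}="
    if not (filter_str.startswith(prefix) and filter_str.endswith(")")):
        return False
    value = filter_str[len(prefix):-1]
    hexdigits = "0123456789abcdefABCDEF"
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\":
            # An escape must be followed by exactly two hex digits.
            if i + 2 >= len(value) or not all(c in hexdigits for c in value[i + 1:i + 3]):
                return False
            i += 3
            continue
        if ch in "*()":
            return False
        i += 1
    return True


if __name__ == "__main__":
    # Constructed sample inputs: a normal username and one containing filter metacharacters.
    for name in ("jdoe", "jd*e"):
        unsafe = build_user_filter_unsafe(name)
        safe = build_user_filter(name)
        print(f"{name!r}: unsafe={unsafe} ok={is_single_exact_match(unsafe)} "
              f"| escaped={safe} ok={is_single_exact_match(safe)}")
```

In practice the escaping belongs in the layer that renders the filter, and `is_single_exact_match` is the kind of assertion a unit test or a log-time check can apply to the filter string before it is sent to the directory, so a regression of this pattern is caught rather than silently widening the search.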
How to fix CVE-2022-2232
To remediate CVE-2022-2232, upgrade the affected package to one of the fixed versions listed below.
- Maven/org.keycloak:keycloak-ldap-federation—upgrade to 23.0.1 or later
- Maven/org.keycloak:keycloak-services—upgrade to 23.0.1 or later
Is CVE-2022-2232 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Maven/org.keycloak:keycloak-ldap-federation: from 0, < 23.0.1
- Maven/org.keycloak:keycloak-services: from 0, < 23.0.1