CVE-2022-2232

描述

A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.

受影響套件(2)

• Maven/org.keycloak:keycloak-ldap-federationfrom 0, < 23.0.1
• Maven/org.keycloak:keycloak-servicesfrom 0, < 23.0.1

參考連結(3)

• PATCHhttps://github.com/keycloak/keycloak
• WEBhttps://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde
• WEBhttps://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p