Miggo Logo
Miggo Vulnerability Database
CVE-2022-2232

CVE-2022-2232: Keycloak vulnerable to LDAP Injection on UsernameForm Login

N/A

CVSS Score

Basic Information

CVE ID
CVE-2022-2232
GHSA ID
GHSA-8hc5-rmgf-qx6p
EPSS Score
0.42073%
CWE
CWE-90
Published
11/29/2023
Updated
11/30/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.keycloak:keycloak-ldap-federationmaven< 23.0.123.0.1
org.keycloak:keycloak-servicesmaven< 23.0.123.0.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from unescaped user input in LDAP queries. The commit diff shows the vulnerable code in getFilterById() appended the 'id' parameter directly to an LDAP filter. The patch adds EscapeStrategy.DEFAULT.escape(id), confirming this was the injection point. The CWE-90 classification and advisory description align with this code path being used during username-based LDAP lookups.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *l*w w*s *oun* in t** K*y*lo*k p**k***. T*is *l*w *llows *n *tt**k*r to **n**it *rom *n L**P qu*ry *n* ****ss *xistin* us*rn*m*s in t** s*rv*r.

Reasoning

T** vuln*r**ility st*ms *rom un*s**p** us*r input in L**P qu*ri*s. T** *ommit *i** s*ows t** vuln*r**l* *o** in **t*ilt*r*yI*() *pp*n*** t** 'i*' p*r*m*t*r *ir**tly to *n L**P *ilt*r. T** p*t** ***s *s**p*Str*t**y.****ULT.*s**p*(i*), *on*irmin* t*is