[MAVEN:GHSA-M4FV-GM5M-4725] HTML Injection in Keycloak Admin REST API

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

The execute-actions-email endpoint of the Keycloak Admin REST API allows a malicious actor to send emails containing phishing links to Keycloak users.

Package	Affected Version
pkg:maven/org.keycloak/keycloak-services	< 20.0.5

Package	Fixed Version
pkg:maven/org.keycloak/keycloak-services	= 20.0.5

ID: MAVEN:GHSA-M4FV-GM5M-4725
Severity: moderate
URL: https://github.com/advisories/GHSA-m4fv-gm5m-4725
Published: 2023-03-01T17:58:01
(18 months ago)
Modified: 2023-12-22T19:32:40
(8 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
			https://github.com/keycloak/keycloak/pull/16764
			https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
			https://nvd.nist.gov/vuln/detail/CVE-2022-1274
			https://bugzilla.redhat.com/show_bug.cgi?id=2073157
			https://herolab.usd.de/security-advisories/usd-2021-0033/
			https://github.com/advisories/GHSA-m4fv-gm5m-4725

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.keycloak/keycloak-services	org.keycloak	keycloak-services	< 20.0.5
Fixed	pkg:maven/org.keycloak/keycloak-services	org.keycloak	keycloak-services	= 20.0.5

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date