Veracode Vulnerability Database: VERACODE:44490
Nov 30, 2023 - 10:30 a.m.

LDAP Injection

sca.analysiscenter.veracode.com
ldap injection
keycloak-ldap-federation
keycloak-services
getfilterbyid
ldapoperationmanager.java
getuserfromform
abstractusernameformauthenticator.java
unsanitized input
ldap query manipulation

AI Score: 7.5

Confidence: Low

keycloak-ldap-federation and keycloak-services are vulnerable to LDAP Injection. The vulnerability is due to the `getFilterById` function in `LDAPOperationManager.java` and the `getUserFromForm` function in `AbstractUsernameFormAuthenticator.java`. An attacker can manipulate the LDAP query built in `getFilterById` by injecting malicious code via the unsanitized `id` input, resulting in LDAP injection.
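The class of bug described above, shown as an added example that is not Keycloak's code: a filter built by concatenating an id, next to a version that applies RFC 4515 value escaping first. The class and method names, the `entryUUID` attribute and the sample ids are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;

public class LdapFilterByIdExample {
    // Assumed attribute name; the advisory does not say which attribute holds the id.
    static final String ID_ATTR = "entryUUID";

    // Vulnerable pattern: the id is concatenated into the filter as-is, so
    // filter metacharacters in it become part of the query structure.
    static String unsafeFilterById(String id) {
        return "(" + ID_ATTR + "=" + id + ")";
    }

    // RFC 4515 value escaping: NUL, '(', ')', '*' and '\' become \XX hex pairs.
    // Non-ASCII UTF-8 bytes are escaped too, which the RFC also permits.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            if (c == 0 || c == '(' || c == ')' || c == '*' || c == '\\' || c > 0x7f) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Hardened pattern: the id can only ever be an assertion value.
    static String safeFilterById(String id) {
        if (id == null || id.isEmpty()) {
            throw new IllegalArgumentException("id must be non-empty");
        }
        return "(" + ID_ATTR + "=" + escapeFilterValue(id) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample ids: one ordinary, two carrying filter metacharacters.
        String[] ids = { "3f2c9a1e-0000-4000-8000-000000000001", "*", "x)(cn=*" };
        for (String id : ids) {
            System.out.println("input : " + id);
            System.out.println("unsafe: " + unsafeFilterById(id));
            System.out.println("safe  : " + safeFilterById(id));
        }
    }
}
```

With the escaped form, `*` is sent as `\2a` and the parentheses as `\28` and `\29`, so the directory compares them as literal characters of the id instead of parsing them as filter syntax.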
