{
  "threat_severity" : "Moderate",
  "public_date" : "2023-02-28T18:57:00Z",
  "bugzilla" : {
    "description" : "keycloak: HTML injection in execute-actions-email Admin REST API",
    "id" : "2073157",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2073157"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-80",
  "details" : [ "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users." ],
  "acknowledgement" : "Red Hat would like to thank Marcus Nilsson (usd AG) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Single Sign-On 7",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHSA-2023:1049",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6"
  }, {
    "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 7",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHSA-2023:1043",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7",
    "package" : "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso"
  }, {
    "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 8",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHSA-2023:1044",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8",
    "package" : "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso"
  }, {
    "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 9",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHSA-2023:1045",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9",
    "package" : "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso"
  }, {
    "product_name" : "RHEL-8 based Middleware Containers",
    "release_date" : "2023-03-01T00:00:00Z",
    "advisory" : "RHSA-2023:1047",
    "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8",
    "package" : "rh-sso-7/sso76-openshift-rhel8:7.6-20"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-1274\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1274\nhttps://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" ],
  "name" : "CVE-2022-1274",
  "csaw" : false
}