CVE-2022-1245 - AskarLabs CVE Database

CVE-2022-1245

Vendor N/A

Product keycloak

Weakness CWE-862 · Missing authorization

Published July 7, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.

Key dates

02Disclosure timeline

July 7, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1245 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-14460 Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change CVE-2024-2298 affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_import_product CVE-2025-47450 WordPress Simple File List plugin <= 6.1.13 - Settings Change Vulnerability CVE-2023-36516 WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability CVE-2023-48776 WordPress canvasio3D Light plugin <= 2.5.0 - Broken Access Control vulnerability