What is CVE-2022-3916?

CVE-2022-3916 is a medium-severity vulnerability in Red Hat Single Sign-on 7, classified under Session Fixation. CVSS score: 6.8/10. Published 2023-09-20.

How severe is CVE-2022-3916?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Red Hat Single Sign-on 7

CVE-2022-3916

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root an…

EPSS: 0.010 (56.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Red Hat Single Sign-on 7
Red Hat Single Sign-on 7.6.1
Red Hat Single Sign-on 7.6 For Rhel 7 — versions 0:18.0.3-1.redhat_00002.1.el7sso, 0:18.0.6-1.redhat_00001.1.el7sso
Red Hat Single Sign-on 7.6 For Rhel 8 — versions 0:18.0.3-1.redhat_00002.1.el8sso, 0:18.0.6-1.redhat_00001.1.el8sso
Red Hat Single Sign-on 7.6 For Rhel 9 — versions 0:18.0.3-1.redhat_00002.1.el9sso, 0:18.0.6-1.redhat_00001.1.el9sso
Red Hat Rhel-8 Based Middleware Containers — versions 7.6-15, 7.6-20
Redhat Enterprise_linux — versions 7.0, 8.0, 9.0
Redhat Keycloak
Redhat Openshift_container_platform — versions 4.9, 4.10
Redhat Openshift_container_platform_for_linuxone — versions 4.9, 4.10

Weakness classification (CWE)

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2022-3916?: CVE-2022-3916 is a medium-severity vulnerability in Red Hat Single Sign-on 7, classified under Session Fixation. CVSS score: 6.8/10. Published 2023-09-20.
How severe is CVE-2022-3916?: Medium severity. CVSS v3 base score is 6.8 out of 10.