Mitigations for Keycloak vulnerabilities (MINDBREEZE27013)

ID: MINDBREEZE27013 
Affected Components: Mindbreeze InSpire 
Severity: 8.1 High 
Status: Final 
First published: March 7, 2024 
CVEs: CVE-2022-1274, CVE-2022-3782 

Summary

  • CVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API
  • CVE-2022-3782 keycloak: path traversal via double URL encoding

Hotfix Information

Fixed in the following versions of Mindbreeze InSpire On-Premises:

  • Mindbreeze InSpire 23.2 Release