The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2022-1970

CVE-2022-1970: Keycloak Open Redirect Vulnerability

CVE-2022-1970 is a rejected open redirect issue in Keycloak identified as a known misconfiguration rather than a security flaw. This post covers the technical details, affected versions, and mitigation guidance.

Published: February 11, 2026

CVE-2022-1970 Overview

CVE-2022-1970 was initially reported as an open redirect vulnerability in Keycloak 18.0.0. However, this CVE has been REJECTED by the CVE authorities. The originally reported issue has been determined to be a known misconfiguration rather than a software vulnerability. The Keycloak project already provides documentation and recommendations to mitigate this type of misconfiguration.

Important Notice

This CVE has been rejected. The reported issue is a known misconfiguration with existing mitigation guidance in the official Keycloak documentation.

Affected Products

  • No affected products (CVE Rejected)

Discovery Timeline

  • October 19, 2022 - CVE-2022-1970 published to NVD
  • May 29, 2024 - Last updated in NVD database (marked as REJECTED)

Technical Details for CVE-2022-1970

Vulnerability Analysis

This CVE was rejected because the reported behavior is not a vulnerability in the Keycloak software itself, but rather the result of improper configuration by administrators. Open redirect issues can occur in identity and access management systems like Keycloak when redirect URIs are not properly restricted. However, this is an expected behavior when the system is misconfigured, and Keycloak provides clear documentation on how to prevent such issues.

The original report referenced an open redirect scenario in Keycloak 18.0.0, but the Keycloak team determined that this falls under the category of administrator responsibility rather than a software defect.

Root Cause

The root cause of the reported issue is misconfiguration of redirect URI validation settings in Keycloak deployments. When administrators do not properly configure allowed redirect URIs for OAuth/OIDC clients, the system may allow redirects to unintended destinations. This is documented behavior that requires proper configuration to prevent.

Attack Vector

Open redirect vulnerabilities, when they exist due to misconfiguration, typically allow an attacker to craft malicious URLs that appear legitimate but redirect users to attacker-controlled sites. This can be used in phishing attacks or to steal authentication tokens. However, since this CVE is rejected, no official attack vector classification has been assigned.

The Keycloak documentation provides guidance on properly configuring redirect URIs to prevent such misconfiguration scenarios. Administrators should consult the Keycloak Server Administration Guide for proper configuration practices.

Detection Methods for CVE-2022-1970

Indicators of Compromise

  • Review Keycloak client configurations for overly permissive redirect URI patterns
  • Check for wildcard redirect URI configurations that could allow arbitrary redirects
  • Monitor authentication logs for unusual redirect destinations

Detection Strategies

  • Audit all OAuth/OIDC client configurations in Keycloak admin console
  • Review redirect URI settings for each client application
  • Implement logging and alerting for redirect patterns that fall outside expected domains

Monitoring Recommendations

  • Enable detailed logging for authentication flows in Keycloak
  • Monitor for authentication requests with unusual redirect_uri parameters
  • Implement security information and event management (SIEM) rules to detect potential open redirect attempts

How to Mitigate CVE-2022-1970

Immediate Actions Required

  • Review the official Keycloak documentation on open redirectors
  • Audit all configured redirect URIs in your Keycloak deployment
  • Remove wildcard patterns and overly permissive redirect URI configurations
  • Implement strict redirect URI validation for all OAuth/OIDC clients

Patch Information

No patch is required as this CVE has been rejected. The reported issue is a configuration matter, not a software vulnerability. Administrators should follow Keycloak's official documentation for proper configuration of redirect URI validation.

Workarounds

  • Configure explicit redirect URIs for each client instead of using wildcards
  • Use the "Valid Redirect URIs" field in client configuration to specify exact allowed URLs
  • Enable "Full Scope Allowed" only when necessary and understand its implications
  • Regularly audit client configurations as part of security maintenance procedures
bash
# Example: Reviewing Keycloak client configurations via CLI
# Use kcadm.sh to audit client redirect URIs
./kcadm.sh get clients -r your-realm --fields clientId,redirectUris

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeOther
  • Vendor/TechKeycloak
  • SeverityNONE
  • CVSS ScoreN/A
  • Known ExploitedNo
  • Impact Assessment
  • ConfidentialityNone
  • IntegrityNone
  • AvailabilityNone
  • Related CVEs
  • CVE-2026-37977: Keycloak CORS Information Disclosure Flaw
  • CVE-2026-4636: Keycloak Auth Bypass Vulnerability
  • CVE-2026-4634: Keycloak Denial of Service Vulnerability
  • CVE-2026-4325: Keycloak Auth Bypass Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English