Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/rh-sso7-keycloak@4.8.20-1.Final_redhat_00001.1?arch=el6sso

Type rpm

Namespace redhat

Name rh-sso7-keycloak

Version 4.8.20-1.Final_redhat_00001.1

Qualifiers

arch	el6sso

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-kzc8-pgz7-6bep

vulnerability_id

VCID-kzc8-pgz7-6bep

summary

Keycloak Insufficient Session Expiry
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1724

reference_id

reference_type

scores

value	0.00136
scoring_system	epss
scoring_elements	0.33319
published_at	2026-04-21T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33369
published_at	2026-04-08T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33403
published_at	2026-04-09T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33406
published_at	2026-04-11T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33365
published_at	2026-04-12T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33342
published_at	2026-04-13T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33377
published_at	2026-04-16T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33353
published_at	2026-04-18T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33314
published_at	2026-04-01T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33451
published_at	2026-04-02T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33482
published_at	2026-04-04T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33323
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1724

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1724

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1724

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1800527
reference_id	1800527
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1800527

reference_url

https://github.com/advisories/GHSA-8xj2-47xw-q78c

reference_id

GHSA-8xj2-47xw-q78c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8xj2-47xw-q78c

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

fixed_packages

aliases

CVE-2020-1724, GHSA-8xj2-47xw-q78c

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-kzc8-pgz7-6bep

url

VCID-mumt-rvzk-w7d4

vulnerability_id

VCID-mumt-rvzk-w7d4

summary

Improper Authentication
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1718

reference_id

reference_type

scores

value	0.00367
scoring_system	epss
scoring_elements	0.58652
published_at	2026-04-21T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58677
published_at	2026-04-11T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58658
published_at	2026-04-12T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58638
published_at	2026-04-13T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.5867
published_at	2026-04-16T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58675
published_at	2026-04-18T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58526
published_at	2026-04-01T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.5861
published_at	2026-04-02T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58631
published_at	2026-04-04T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58601
published_at	2026-04-07T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58653
published_at	2026-04-08T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58659
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1718

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1796756
reference_id	1796756
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1796756

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1718

reference_id

CVE-2020-1718

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1718

reference_url

https://github.com/advisories/GHSA-j229-2h63-rvh9

reference_id

GHSA-j229-2h63-rvh9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j229-2h63-rvh9

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

fixed_packages

aliases

CVE-2020-1718, GHSA-j229-2h63-rvh9

risk_score

4.0

exploitability

0.5

weighted_severity

7.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-mumt-rvzk-w7d4

url

VCID-xdxx-tdkj-wbba

vulnerability_id

VCID-xdxx-tdkj-wbba

summary

Improper Certificate Validation
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1758

reference_id

reference_type

scores

value	0.00254
scoring_system	epss
scoring_elements	0.488
published_at	2026-04-18T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48704
published_at	2026-04-07T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48759
published_at	2026-04-21T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48756
published_at	2026-04-09T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48773
published_at	2026-04-11T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48747
published_at	2026-04-12T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48755
published_at	2026-04-13T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48804
published_at	2026-04-16T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48685
published_at	2026-04-01T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48724
published_at	2026-04-02T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.4875
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1758

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758

reference_url

https://issues.redhat.com/browse/KEYCLOAK-13285

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-13285

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1812514
reference_id	1812514
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1812514

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1758

reference_id

CVE-2020-1758

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1758

reference_url

https://github.com/advisories/GHSA-c597-f74m-jgc2

reference_id

GHSA-c597-f74m-jgc2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c597-f74m-jgc2

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

fixed_packages

aliases

CVE-2020-1758, GHSA-c597-f74m-jgc2

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-xdxx-tdkj-wbba

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@4.8.20-1.Final_redhat_00001.1%3Farch=el6sso

Package Instance