Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-ldap-federation@22.0.11
Typemaven
Namespaceorg.keycloak
Namekeycloak-ldap-federation
Version22.0.11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version26.4.6
Latest_non_vulnerable_version26.4.6
Affected_by_vulnerabilities
0
url VCID-ywkk-6wes-xfgf
vulnerability_id VCID-ywkk-6wes-xfgf
summary 
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
### Impact

The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker.
As a consequence, an attacker who has compromised the admin console/compromised a user with sufficient privileges can leak domain credentials and can now attack the domain.

### Acknowledgements

Special thanks to Simon Wessling for reporting this issue and helping us improve our project
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5967.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5967.json
1
reference_url https://access.redhat.com/security/cve/CVE-2024-5967
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:10:07Z/
url https://access.redhat.com/security/cve/CVE-2024-5967
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5967
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.25951
published_at 2026-04-21T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32697
published_at 2026-04-12T12:55:00Z
2
value 0.00132
scoring_system epss
scoring_elements 0.32707
published_at 2026-04-08T12:55:00Z
3
value 0.00132
scoring_system epss
scoring_elements 0.32733
published_at 2026-04-09T12:55:00Z
4
value 0.00132
scoring_system epss
scoring_elements 0.32734
published_at 2026-04-11T12:55:00Z
5
value 0.00132
scoring_system epss
scoring_elements 0.32686
published_at 2026-04-18T12:55:00Z
6
value 0.00132
scoring_system epss
scoring_elements 0.32709
published_at 2026-04-16T12:55:00Z
7
value 0.00132
scoring_system epss
scoring_elements 0.3267
published_at 2026-04-13T12:55:00Z
8
value 0.00135
scoring_system epss
scoring_elements 0.33327
published_at 2026-04-02T12:55:00Z
9
value 0.00135
scoring_system epss
scoring_elements 0.33192
published_at 2026-04-07T12:55:00Z
10
value 0.00135
scoring_system epss
scoring_elements 0.33359
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5967
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2292200
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:10:07Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2292200
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/0d0530046b9cb4b0d74d2fdefc9bd04f1d20cac0
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/0d0530046b9cb4b0d74d2fdefc9bd04f1d20cac0
6
reference_url https://github.com/keycloak/keycloak/commit/1f56a9e48bf96c3bcb18dfc6cd93e3dd16f281f1
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/1f56a9e48bf96c3bcb18dfc6cd93e3dd16f281f1
7
reference_url https://github.com/keycloak/keycloak/commit/bde8568d4174a7072f7c7bb507d2c7d05824b1a6
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/bde8568d4174a7072f7c7bb507d2c7d05824b1a6
8
reference_url https://github.com/keycloak/keycloak/issues/30434
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/30434
9
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-c25h-c27q-5qpv
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-c25h-c27q-5qpv
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-5967
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-5967
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id cpe:/a:redhat:build_keycloak:22
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
18
reference_url https://github.com/advisories/GHSA-c25h-c27q-5qpv
reference_id GHSA-c25h-c27q-5qpv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c25h-c27q-5qpv
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-ldap-federation@22.0.12
purl pkg:maven/org.keycloak/keycloak-ldap-federation@22.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@22.0.12
1
url pkg:maven/org.keycloak/keycloak-ldap-federation@24.0.6
purl pkg:maven/org.keycloak/keycloak-ldap-federation@24.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@24.0.6
2
url pkg:maven/org.keycloak/keycloak-ldap-federation@25.0.1
purl pkg:maven/org.keycloak/keycloak-ldap-federation@25.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vxq-nfzs-zugz
1
vulnerability VCID-wg6h-c3vm-n7h9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@25.0.1
aliases CVE-2024-5967, GHSA-c25h-c27q-5qpv
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ywkk-6wes-xfgf
Fixing_vulnerabilities
Risk_score1.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@22.0.11