Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-ldap-federation@23.0.0
Typemaven
Namespaceorg.keycloak
Namekeycloak-ldap-federation
Version23.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version26.4.6
Latest_non_vulnerable_version26.4.6
Affected_by_vulnerabilities
0
url VCID-3vxq-nfzs-zugz
vulnerability_id VCID-3vxq-nfzs-zugz
summary 
Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references.

### Original Description

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:22088
1
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:22089
2
reference_url https://access.redhat.com/errata/RHSA-2025:22090
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:22090
3
reference_url https://access.redhat.com/errata/RHSA-2025:22091
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:22091
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2416038
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2416038
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://github.com/keycloak/keycloak/commit/754c070cf8ca187dcc71f0f72ff3130ff2195328
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/754c070cf8ca187dcc71f0f72ff3130ff2195328
7
reference_url https://github.com/keycloak/keycloak/issues/44478
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/44478
8
reference_url https://github.com/keycloak/keycloak/releases/tag/26.4.6
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.4.6
9
reference_url https://access.redhat.com/security/cve/CVE-2025-13467
reference_id CVE-2025-13467
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-13467
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13467
reference_id CVE-2025-13467
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13467
11
reference_url https://github.com/advisories/GHSA-93vm-mqpw-8wh3
reference_id GHSA-93vm-mqpw-8wh3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93vm-mqpw-8wh3
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-ldap-federation@26.4.6
purl pkg:maven/org.keycloak/keycloak-ldap-federation@26.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@26.4.6
aliases GHSA-93vm-mqpw-8wh3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vxq-nfzs-zugz
1
url VCID-rrkd-31d4-9yaq
vulnerability_id VCID-rrkd-31d4-9yaq
summary 
Keycloak vulnerable to LDAP Injection on UsernameForm Login
A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2232
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24445
published_at 2026-04-02T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24479
published_at 2026-04-04T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29785
published_at 2026-04-21T12:55:00Z
3
value 0.00113
scoring_system epss
scoring_elements 0.29888
published_at 2026-04-08T12:55:00Z
4
value 0.00113
scoring_system epss
scoring_elements 0.29924
published_at 2026-04-09T12:55:00Z
5
value 0.00113
scoring_system epss
scoring_elements 0.29929
published_at 2026-04-11T12:55:00Z
6
value 0.00113
scoring_system epss
scoring_elements 0.29883
published_at 2026-04-12T12:55:00Z
7
value 0.00113
scoring_system epss
scoring_elements 0.29834
published_at 2026-04-13T12:55:00Z
8
value 0.00113
scoring_system epss
scoring_elements 0.29852
published_at 2026-04-16T12:55:00Z
9
value 0.00113
scoring_system epss
scoring_elements 0.29831
published_at 2026-04-18T12:55:00Z
10
value 0.00113
scoring_system epss
scoring_elements 0.29826
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2232
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2096994
reference_id 2096994
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2096994
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
9
reference_url https://access.redhat.com/security/cve/CVE-2022-2232
reference_id CVE-2022-2232
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/
url https://access.redhat.com/security/cve/CVE-2022-2232
10
reference_url https://github.com/advisories/GHSA-8hc5-rmgf-qx6p
reference_id GHSA-8hc5-rmgf-qx6p
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8hc5-rmgf-qx6p
11
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p
reference_id GHSA-8hc5-rmgf-qx6p
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-ldap-federation@23.0.1
purl pkg:maven/org.keycloak/keycloak-ldap-federation@23.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vxq-nfzs-zugz
1
vulnerability VCID-wg6h-c3vm-n7h9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@23.0.1
aliases CVE-2022-2232, GHSA-8hc5-rmgf-qx6p
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrkd-31d4-9yaq
2
url VCID-wg6h-c3vm-n7h9
vulnerability_id VCID-wg6h-c3vm-n7h9
summary 
Duplicate Advisory: Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-2p82-5wwr-43cw. This link is maintained to preserve external references.

# Original Description

A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:2544
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:2544
1
reference_url https://access.redhat.com/errata/RHSA-2025:2545
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:2545
2
reference_url https://access.redhat.com/security/cve/CVE-2025-0604
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-0604
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2338993
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2338993
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0604
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0604
6
reference_url https://github.com/advisories/GHSA-m3hp-8546-5qmr
reference_id GHSA-m3hp-8546-5qmr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m3hp-8546-5qmr
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-ldap-federation@26.1.1
purl pkg:maven/org.keycloak/keycloak-ldap-federation@26.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vxq-nfzs-zugz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@26.1.1
aliases GHSA-m3hp-8546-5qmr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg6h-c3vm-n7h9
3
url VCID-ywkk-6wes-xfgf
vulnerability_id VCID-ywkk-6wes-xfgf
summary 
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
### Impact

The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker.
As a consequence, an attacker who has compromised the admin console/compromised a user with sufficient privileges can leak domain credentials and can now attack the domain.

### Acknowledgements

Special thanks to Simon Wessling for reporting this issue and helping us improve our project
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5967.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5967.json
1
reference_url https://access.redhat.com/security/cve/CVE-2024-5967
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:10:07Z/
url https://access.redhat.com/security/cve/CVE-2024-5967
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5967
reference_id
reference_type
scores
0
value 0.00093
scoring_system epss
scoring_elements 0.25951
published_at 2026-04-21T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32697
published_at 2026-04-12T12:55:00Z
2
value 0.00132
scoring_system epss
scoring_elements 0.32707
published_at 2026-04-08T12:55:00Z
3
value 0.00132
scoring_system epss
scoring_elements 0.32733
published_at 2026-04-09T12:55:00Z
4
value 0.00132
scoring_system epss
scoring_elements 0.32734
published_at 2026-04-11T12:55:00Z
5
value 0.00132
scoring_system epss
scoring_elements 0.32686
published_at 2026-04-18T12:55:00Z
6
value 0.00132
scoring_system epss
scoring_elements 0.32709
published_at 2026-04-16T12:55:00Z
7
value 0.00132
scoring_system epss
scoring_elements 0.3267
published_at 2026-04-13T12:55:00Z
8
value 0.00135
scoring_system epss
scoring_elements 0.33327
published_at 2026-04-02T12:55:00Z
9
value 0.00135
scoring_system epss
scoring_elements 0.33192
published_at 2026-04-07T12:55:00Z
10
value 0.00135
scoring_system epss
scoring_elements 0.33359
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5967
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2292200
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:10:07Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2292200
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/0d0530046b9cb4b0d74d2fdefc9bd04f1d20cac0
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/0d0530046b9cb4b0d74d2fdefc9bd04f1d20cac0
6
reference_url https://github.com/keycloak/keycloak/commit/1f56a9e48bf96c3bcb18dfc6cd93e3dd16f281f1
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/1f56a9e48bf96c3bcb18dfc6cd93e3dd16f281f1
7
reference_url https://github.com/keycloak/keycloak/commit/bde8568d4174a7072f7c7bb507d2c7d05824b1a6
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/bde8568d4174a7072f7c7bb507d2c7d05824b1a6
8
reference_url https://github.com/keycloak/keycloak/issues/30434
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/30434
9
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-c25h-c27q-5qpv
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-c25h-c27q-5qpv
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-5967
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-5967
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id cpe:/a:redhat:build_keycloak:22
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
18
reference_url https://github.com/advisories/GHSA-c25h-c27q-5qpv
reference_id GHSA-c25h-c27q-5qpv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c25h-c27q-5qpv
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-ldap-federation@24.0.6
purl pkg:maven/org.keycloak/keycloak-ldap-federation@24.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@24.0.6
1
url pkg:maven/org.keycloak/keycloak-ldap-federation@25.0.1
purl pkg:maven/org.keycloak/keycloak-ldap-federation@25.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vxq-nfzs-zugz
1
vulnerability VCID-wg6h-c3vm-n7h9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@25.0.1
aliases CVE-2024-5967, GHSA-c25h-c27q-5qpv
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ywkk-6wes-xfgf
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@23.0.0