Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-server-spi-private@8.0.2

Type maven

Namespace org.keycloak

Name keycloak-server-spi-private

Version 8.0.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 26.6.0

Latest_non_vulnerable_version 26.6.0

Affected_by_vulnerabilities

url VCID-3248-31p8-tyd4

vulnerability_id VCID-3248-31p8-tyd4

summary

Incorrect Authorization
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1725

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.3011
published_at	2026-04-16T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30188
published_at	2026-04-11T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30272
published_at	2026-04-04T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3009
published_at	2026-04-18T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3015
published_at	2026-04-08T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30186
published_at	2026-04-09T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30145
published_at	2026-04-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30193
published_at	2026-04-01T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30095
published_at	2026-04-13T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30223
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1725

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1765129

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1765129

reference_url

https://issues.redhat.com/browse/KEYCLOAK-16550

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-16550

reference_url

https://security.archlinux.org/AVG-1332

reference_id

AVG-1332

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1332

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1725

reference_id

CVE-2020-1725

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1725

reference_url

https://github.com/advisories/GHSA-p225-pc2x-4jpm

reference_id

GHSA-p225-pc2x-4jpm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p225-pc2x-4jpm

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-jh5h-pp29-1kbr

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

aliases CVE-2020-1725, GHSA-p225-pc2x-4jpm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3248-31p8-tyd4

url VCID-6s4w-hv7a-ffaw

vulnerability_id VCID-6s4w-hv7a-ffaw

summary

Keycloak vulnerable to Server-Side Request Forgery
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

references

reference_url

http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10770

reference_id

reference_type

scores

value	0.92282
scoring_system	epss
scoring_elements	0.99719
published_at	2026-04-13T12:55:00Z

value	0.92282
scoring_system	epss
scoring_elements	0.99718
published_at	2026-04-04T12:55:00Z

value	0.92282
scoring_system	epss
scoring_elements	0.9972
published_at	2026-04-18T12:55:00Z

value	0.92282
scoring_system	epss
scoring_elements	0.99717
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10770

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1846270

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1846270

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url	https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2

reference_url

https://github.com/keycloak/keycloak-documentation/pull/1086

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-documentation/pull/1086

reference_url

https://github.com/keycloak/keycloak/pull/7714

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7714

reference_url

https://issues.redhat.com/browse/KEYCLOAK-14019

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-14019

reference_url

https://issues.redhat.com/browse/KEYCLOAK-3426

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-3426

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10770

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10770

reference_url

https://security.archlinux.org/AVG-1577

reference_id

AVG-1577

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1577

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py
reference_id	CVE-2020-10770
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py

reference_url

https://github.com/advisories/GHSA-jh7q-5mwf-qvhw

reference_id

GHSA-jh7q-5mwf-qvhw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jh7q-5mwf-qvhw

reference_url	https://access.redhat.com/errata/RHSA-2021:0318
reference_id	RHSA-2021:0318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0318

reference_url	https://access.redhat.com/errata/RHSA-2021:0319
reference_id	RHSA-2021:0319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0319

reference_url	https://access.redhat.com/errata/RHSA-2021:0320
reference_id	RHSA-2021:0320
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0320

reference_url	https://access.redhat.com/errata/RHSA-2021:0327
reference_id	RHSA-2021:0327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0327

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.2

purl pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-jh5h-pp29-1kbr

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.2

aliases CVE-2020-10770, GHSA-jh7q-5mwf-qvhw

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6s4w-hv7a-ffaw

url VCID-djwn-hkwg-g3gk

vulnerability_id VCID-djwn-hkwg-g3gk

summary keycloak: reusable "state" parameter at redirect_uri endpoint enables possibility of replay attacks

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14302

reference_id

reference_type

scores

value	0.00154
scoring_system	epss
scoring_elements	0.36059
published_at	2026-04-01T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36254
published_at	2026-04-02T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36287
published_at	2026-04-04T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36123
published_at	2026-04-07T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36172
published_at	2026-04-08T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3619
published_at	2026-04-09T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36196
published_at	2026-04-11T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36159
published_at	2026-04-12T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36133
published_at	2026-04-13T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36175
published_at	2026-04-16T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3616
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14302

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1849584
reference_id	1849584
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1849584

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

https://security.archlinux.org/AVG-1926

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1926

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-14302
reference_id	CVE-2020-14302
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-14302

reference_url	https://access.redhat.com/errata/RHSA-2021:0967
reference_id	RHSA-2021:0967
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0967

reference_url	https://access.redhat.com/errata/RHSA-2021:0968
reference_id	RHSA-2021:0968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0968

reference_url	https://access.redhat.com/errata/RHSA-2021:0969
reference_id	RHSA-2021:0969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0969

reference_url	https://access.redhat.com/errata/RHSA-2021:0974
reference_id	RHSA-2021:0974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0974

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-jh5h-pp29-1kbr

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

aliases CVE-2020-14302

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djwn-hkwg-g3gk

url VCID-dxj3-8sk5-mfdy

vulnerability_id VCID-dxj3-8sk5-mfdy

summary

Insufficient Session Expiration
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

references

reference_url

https://access.redhat.com/errata/RHSA-2022:8961

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8961

reference_url

https://access.redhat.com/errata/RHSA-2022:8962

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8962

reference_url

https://access.redhat.com/errata/RHSA-2022:8963

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8963

reference_url

https://access.redhat.com/errata/RHSA-2022:8964

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8964

reference_url

https://access.redhat.com/errata/RHSA-2022:8965

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8965

reference_url

https://access.redhat.com/errata/RHSA-2023:1043

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1043

reference_url

https://access.redhat.com/errata/RHSA-2023:1044

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1044

reference_url

https://access.redhat.com/errata/RHSA-2023:1045

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1045

reference_url

https://access.redhat.com/errata/RHSA-2023:1047

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1047

reference_url

https://access.redhat.com/errata/RHSA-2023:1049

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1049

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3916

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45477
published_at	2026-04-18T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45418
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45438
published_at	2026-04-04T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45382
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45437
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45458
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45428
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45481
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3916

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2141404

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2141404

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url

https://access.redhat.com/security/cve/CVE-2022-3916

reference_id

CVE-2022-3916

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/security/cve/CVE-2022-3916

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3916

reference_id

CVE-2022-3916

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3916

reference_url

https://github.com/advisories/GHSA-97g8-xfvw-q4hg

reference_id

GHSA-97g8-xfvw-q4hg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-97g8-xfvw-q4hg

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg

reference_id

GHSA-97g8-xfvw-q4hg

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@20.0.2

purl pkg:maven/org.keycloak/keycloak-server-spi-private@20.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jh5h-pp29-1kbr

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@20.0.2

aliases CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxj3-8sk5-mfdy

url VCID-jh5h-pp29-1kbr

vulnerability_id VCID-jh5h-pp29-1kbr

summary

Client Spoofing within the Keycloak Device Authorisation Grant
Under certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a device_code to retrieve an access token for other OAuth clients.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:3883

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:3883

reference_url

https://access.redhat.com/errata/RHSA-2023:3884

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:3884

reference_url

https://access.redhat.com/errata/RHSA-2023:3885

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:3885

reference_url

https://access.redhat.com/errata/RHSA-2023:3888

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:3888

reference_url

https://access.redhat.com/errata/RHSA-2023:3892

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:3892

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json

reference_url

https://access.redhat.com/security/cve/CVE-2023-2585

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2023-2585

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2585

reference_id

reference_type

scores

value	0.00112
scoring_system	epss
scoring_elements	0.2974
published_at	2026-04-18T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29872
published_at	2026-04-02T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29918
published_at	2026-04-04T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29734
published_at	2026-04-07T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29796
published_at	2026-04-08T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29831
published_at	2026-04-09T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29841
published_at	2026-04-11T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29795
published_at	2026-04-12T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29744
published_at	2026-04-13T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29762
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2585

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2196335

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2196335

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-2585

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-2585

reference_url

https://github.com/advisories/GHSA-f5h4-wmp5-xhg6

reference_id

GHSA-f5h4-wmp5-xhg6

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f5h4-wmp5-xhg6

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6

reference_id

GHSA-f5h4-wmp5-xhg6

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@21.1.2

purl pkg:maven/org.keycloak/keycloak-server-spi-private@21.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@21.1.2

aliases CVE-2023-2585, GHSA-f5h4-wmp5-xhg6

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jh5h-pp29-1kbr

url VCID-jrds-3wks-aybe

vulnerability_id VCID-jrds-3wks-aybe

summary

Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes
A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.

references

reference_url

https://access.redhat.com/errata/RHSA-2026:2365

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://access.redhat.com/errata/RHSA-2026:2365

reference_url

https://access.redhat.com/errata/RHSA-2026:2366

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://access.redhat.com/errata/RHSA-2026:2366

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0871.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0871.json

reference_url

https://access.redhat.com/security/cve/CVE-2026-0871

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://access.redhat.com/security/cve/CVE-2026-0871

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0871

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10137
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10001
published_at	2026-04-18T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10024
published_at	2026-04-16T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10151
published_at	2026-04-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10211
published_at	2026-04-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10171
published_at	2026-04-12T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10111
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10034
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10076
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0871

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2428881

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2428881

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/9d0f679ecea405958f167fcd0f4a6db6ae32c3fa

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/9d0f679ecea405958f167fcd0f4a6db6ae32c3fa

reference_url

https://github.com/keycloak/keycloak/issues/45873

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/45873

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-0871

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-0871

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id	cpe:/a:redhat:jbosseapxp
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7

reference_url

https://github.com/advisories/GHSA-v4jw-m6rm-399h

reference_id

GHSA-v4jw-m6rm-399h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v4jw-m6rm-399h

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2

purl pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2

aliases CVE-2026-0871, GHSA-v4jw-m6rm-399h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrds-3wks-aybe

url VCID-nhe2-8dtq-gqbf

vulnerability_id VCID-nhe2-8dtq-gqbf

summary

URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:7854

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7854

reference_url

https://access.redhat.com/errata/RHSA-2023:7855

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7855

reference_url

https://access.redhat.com/errata/RHSA-2023:7856

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7856

reference_url

https://access.redhat.com/errata/RHSA-2023:7857

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7857

reference_url

https://access.redhat.com/errata/RHSA-2023:7858

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7858

reference_url

https://access.redhat.com/errata/RHSA-2023:7860

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7860

reference_url

https://access.redhat.com/errata/RHSA-2023:7861

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7861

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6291

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39708
published_at	2026-04-18T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39721
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39743
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39661
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39715
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3973
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39739
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39703
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39687
published_at	2026-04-13T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39737
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6291

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2251407

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2251407

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id	cpe:/a:redhat:build_keycloak:22
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id	cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id	cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id	cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id	cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id	cpe:/a:redhat:serverless:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1

reference_url

https://access.redhat.com/security/cve/CVE-2023-6291

reference_id

CVE-2023-6291

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/security/cve/CVE-2023-6291

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

reference_id

CVE-2023-6291

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

reference_url

https://github.com/advisories/GHSA-mpwq-j3xf-7m5w

reference_id

GHSA-mpwq-j3xf-7m5w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mpwq-j3xf-7m5w

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w

reference_id

GHSA-mpwq-j3xf-7m5w

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@23.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@23.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@23.0.0

aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe2-8dtq-gqbf

url VCID-sk6p-vfu6-7kem

vulnerability_id VCID-sk6p-vfu6-7kem

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10776

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50621
published_at	2026-04-18T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50518
published_at	2026-04-07T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50573
published_at	2026-04-08T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.5057
published_at	2026-04-09T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50612
published_at	2026-04-11T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50589
published_at	2026-04-12T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50574
published_at	2026-04-13T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50616
published_at	2026-04-16T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50481
published_at	2026-04-01T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50537
published_at	2026-04-02T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50565
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10776

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1847428

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1847428

reference_url

https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10776

reference_id

CVE-2020-10776

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10776

reference_url

https://github.com/advisories/GHSA-484q-784p-8m5h

reference_id

GHSA-484q-784p-8m5h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-484q-784p-8m5h

reference_url	https://access.redhat.com/errata/RHSA-2020:4929
reference_id	RHSA-2020:4929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4929

reference_url	https://access.redhat.com/errata/RHSA-2020:4930
reference_id	RHSA-2020:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4930

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4932
reference_id	RHSA-2020:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4932

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-d1ua-u2v7-jqf8

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-jh5h-pp29-1kbr

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

aliases CVE-2020-10776, GHSA-484q-784p-8m5h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sk6p-vfu6-7kem

url VCID-th5p-51pd-3ffg

vulnerability_id VCID-th5p-51pd-3ffg

summary

Improper privilege management in Keycloak
A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

reference_url

https://access.redhat.com/security/cve/cve-2020-14389

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2020-14389

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14389

reference_id

reference_type

scores

value	0.00148
scoring_system	epss
scoring_elements	0.35326
published_at	2026-04-18T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35321
published_at	2026-04-12T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35299
published_at	2026-04-13T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35337
published_at	2026-04-16T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35177
published_at	2026-04-01T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35378
published_at	2026-04-02T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35403
published_at	2026-04-04T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35285
published_at	2026-04-07T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35331
published_at	2026-04-08T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35356
published_at	2026-04-09T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35358
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14389

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14389

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14389

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1875843
reference_id	1875843
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1875843

reference_url

https://github.com/advisories/GHSA-c9x9-xv66-xp3v

reference_id

GHSA-c9x9-xv66-xp3v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c9x9-xv66-xp3v

reference_url	https://access.redhat.com/errata/RHSA-2020:4929
reference_id	RHSA-2020:4929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4929

reference_url	https://access.redhat.com/errata/RHSA-2020:4930
reference_id	RHSA-2020:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4930

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4932
reference_id	RHSA-2020:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4932

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-d1ua-u2v7-jqf8

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-jh5h-pp29-1kbr

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

aliases CVE-2020-14389, GHSA-c9x9-xv66-xp3v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-th5p-51pd-3ffg

url VCID-u5ba-kpd5-67bm

vulnerability_id VCID-u5ba-kpd5-67bm

summary

Keycloak discloses information without authentication
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-27838

reference_id

reference_type

scores

value	0.85144
scoring_system	epss
scoring_elements	0.9936
published_at	2026-04-18T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99357
published_at	2026-04-13T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99356
published_at	2026-04-11T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99355
published_at	2026-04-09T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99354
published_at	2026-04-08T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99349
published_at	2026-04-02T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99353
published_at	2026-04-07T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99352
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-27838

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

reference_url

https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

reference_url

https://github.com/keycloak/keycloak/pull/7790

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7790

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-27838

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-27838

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

https://security.archlinux.org/AVG-1926

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1926

reference_url

https://github.com/advisories/GHSA-pcv5-m2wh-66j3

reference_id

GHSA-pcv5-m2wh-66j3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pcv5-m2wh-66j3

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-jh5h-pp29-1kbr

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

aliases CVE-2020-27838, GHSA-pcv5-m2wh-66j3

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5ba-kpd5-67bm

url VCID-y1h3-yyn9-53fr

vulnerability_id VCID-y1h3-yyn9-53fr

summary

Keycloak: Unauthorized authentication via disabled SAML Identity Provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.

references

reference_url

https://access.redhat.com/errata/RHSA-2026:3925

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3925

reference_url

https://access.redhat.com/errata/RHSA-2026:3926

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3926

reference_url

https://access.redhat.com/errata/RHSA-2026:3947

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3947

reference_url

https://access.redhat.com/errata/RHSA-2026:3948

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3948

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json

reference_url

https://access.redhat.com/security/cve/CVE-2026-2603

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/security/cve/CVE-2026-2603

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2603

reference_id

reference_type

scores

value	0.00172
scoring_system	epss
scoring_elements	0.3858
published_at	2026-04-04T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38518
published_at	2026-04-11T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38504
published_at	2026-04-09T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38495
published_at	2026-04-08T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38444
published_at	2026-04-07T12:55:00Z

value	0.00172
scoring_system	epss
scoring_elements	0.38556
published_at	2026-04-02T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45478
published_at	2026-04-18T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45429
published_at	2026-04-12T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-13T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45482
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2603

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2440300

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2440300

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132

reference_url

https://github.com/keycloak/keycloak/issues/46911

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/46911

reference_url

https://github.com/keycloak/keycloak/pull/46932

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/46932

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2603

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2603

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id	cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url

https://github.com/advisories/GHSA-x4p7-7chp-64hq

reference_id

GHSA-x4p7-7chp-64hq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x4p7-7chp-64hq

fixed_packages

url	pkg:maven/org.keycloak/keycloak-server-spi-private@26.6.0
purl	pkg:maven/org.keycloak/keycloak-server-spi-private@26.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.6.0

aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1h3-yyn9-53fr

url VCID-y1jz-hqab-pycq

vulnerability_id VCID-y1jz-hqab-pycq

summary

XSS in Keycloak
It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1697

reference_id

reference_type

scores

value	0.00283
scoring_system	epss
scoring_elements	0.51737
published_at	2026-04-18T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51678
published_at	2026-04-09T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51726
published_at	2026-04-11T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51704
published_at	2026-04-12T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51688
published_at	2026-04-13T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51729
published_at	2026-04-16T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.5159
published_at	2026-04-01T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51642
published_at	2026-04-02T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51667
published_at	2026-04-04T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51627
published_at	2026-04-07T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51681
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1697

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1697

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1697

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1791538
reference_id	1791538
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1791538

reference_url

https://github.com/advisories/GHSA-8vf3-4w62-m3pq

reference_id

GHSA-8vf3-4w62-m3pq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8vf3-4w62-m3pq

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-jh5h-pp29-1kbr

vulnerability	VCID-jrds-3wks-aybe

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-y1h3-yyn9-53fr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.0

aliases CVE-2020-1697, GHSA-8vf3-4w62-m3pq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1jz-hqab-pycq

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@8.0.2

Package Instance