Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@9.0.0

Type maven

Namespace org.keycloak

Name keycloak-wildfly-server-subsystem

Version 9.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-3248-31p8-tyd4

vulnerability_id VCID-3248-31p8-tyd4

summary

Incorrect Authorization
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1725

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.3011
published_at	2026-04-16T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30188
published_at	2026-04-11T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30272
published_at	2026-04-04T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3009
published_at	2026-04-18T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3015
published_at	2026-04-08T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30186
published_at	2026-04-09T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30145
published_at	2026-04-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30193
published_at	2026-04-01T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30095
published_at	2026-04-13T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30223
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1725

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1765129

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1765129

reference_url

https://issues.redhat.com/browse/KEYCLOAK-16550

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-16550

reference_url

https://security.archlinux.org/AVG-1332

reference_id

AVG-1332

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1332

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1725

reference_id

CVE-2020-1725

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1725

reference_url

https://github.com/advisories/GHSA-p225-pc2x-4jpm

reference_id

GHSA-p225-pc2x-4jpm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p225-pc2x-4jpm

fixed_packages

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-nhe2-8dtq-gqbf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

aliases CVE-2020-1725, GHSA-p225-pc2x-4jpm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3248-31p8-tyd4

url VCID-546n-kc1p-cyhm

vulnerability_id VCID-546n-kc1p-cyhm

summary

Code injection in keycloak
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20222.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20222.json

reference_url

https://access.redhat.com/security/cve/cve-2021-20222

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2021-20222

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20222

reference_id

reference_type

scores

value	0.0044
scoring_system	epss
scoring_elements	0.63236
published_at	2026-04-11T12:55:00Z

value	0.0044
scoring_system	epss
scoring_elements	0.63227
published_at	2026-04-18T12:55:00Z

value	0.0044
scoring_system	epss
scoring_elements	0.63185
published_at	2026-04-04T12:55:00Z

value	0.0044
scoring_system	epss
scoring_elements	0.6315
published_at	2026-04-07T12:55:00Z

value	0.0044
scoring_system	epss
scoring_elements	0.63202
published_at	2026-04-08T12:55:00Z

value	0.0044
scoring_system	epss
scoring_elements	0.63219
published_at	2026-04-16T12:55:00Z

value	0.0044
scoring_system	epss
scoring_elements	0.63221
published_at	2026-04-12T12:55:00Z

value	0.0044
scoring_system	epss
scoring_elements	0.63096
published_at	2026-04-01T12:55:00Z

value	0.0044
scoring_system	epss
scoring_elements	0.63184
published_at	2026-04-13T12:55:00Z

value	0.0044
scoring_system	epss
scoring_elements	0.63155
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20222

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1924606

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1924606

reference_url

https://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20222

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20222

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

https://security.archlinux.org/AVG-1926

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1926

reference_url

https://github.com/advisories/GHSA-2mq8-99q7-55wx

reference_id

GHSA-2mq8-99q7-55wx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2mq8-99q7-55wx

fixed_packages

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-nhe2-8dtq-gqbf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

aliases CVE-2021-20222, GHSA-2mq8-99q7-55wx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-546n-kc1p-cyhm

url VCID-6s4w-hv7a-ffaw

vulnerability_id VCID-6s4w-hv7a-ffaw

summary

Keycloak vulnerable to Server-Side Request Forgery
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

references

reference_url

http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10770

reference_id

reference_type

scores

value	0.92282
scoring_system	epss
scoring_elements	0.99719
published_at	2026-04-13T12:55:00Z

value	0.92282
scoring_system	epss
scoring_elements	0.99718
published_at	2026-04-04T12:55:00Z

value	0.92282
scoring_system	epss
scoring_elements	0.9972
published_at	2026-04-18T12:55:00Z

value	0.92282
scoring_system	epss
scoring_elements	0.99717
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10770

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1846270

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1846270

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url	https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2

reference_url

https://github.com/keycloak/keycloak-documentation/pull/1086

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-documentation/pull/1086

reference_url

https://github.com/keycloak/keycloak/pull/7714

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7714

reference_url

https://issues.redhat.com/browse/KEYCLOAK-14019

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-14019

reference_url

https://issues.redhat.com/browse/KEYCLOAK-3426

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-3426

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10770

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10770

reference_url

https://security.archlinux.org/AVG-1577

reference_id

AVG-1577

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1577

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py
reference_id	CVE-2020-10770
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py

reference_url

https://github.com/advisories/GHSA-jh7q-5mwf-qvhw

reference_id

GHSA-jh7q-5mwf-qvhw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jh7q-5mwf-qvhw

reference_url	https://access.redhat.com/errata/RHSA-2021:0318
reference_id	RHSA-2021:0318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0318

reference_url	https://access.redhat.com/errata/RHSA-2021:0319
reference_id	RHSA-2021:0319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0319

reference_url	https://access.redhat.com/errata/RHSA-2021:0320
reference_id	RHSA-2021:0320
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0320

reference_url	https://access.redhat.com/errata/RHSA-2021:0327
reference_id	RHSA-2021:0327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0327

fixed_packages

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@12.0.2

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@12.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-u5ba-kpd5-67bm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@12.0.2

aliases CVE-2020-10770, GHSA-jh7q-5mwf-qvhw

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6s4w-hv7a-ffaw

url VCID-djwn-hkwg-g3gk

vulnerability_id VCID-djwn-hkwg-g3gk

summary keycloak: reusable "state" parameter at redirect_uri endpoint enables possibility of replay attacks

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14302

reference_id

reference_type

scores

value	0.00154
scoring_system	epss
scoring_elements	0.36059
published_at	2026-04-01T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36254
published_at	2026-04-02T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36287
published_at	2026-04-04T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36123
published_at	2026-04-07T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36172
published_at	2026-04-08T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3619
published_at	2026-04-09T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36196
published_at	2026-04-11T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36159
published_at	2026-04-12T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36133
published_at	2026-04-13T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36175
published_at	2026-04-16T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3616
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14302

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1849584
reference_id	1849584
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1849584

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

https://security.archlinux.org/AVG-1926

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1926

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-14302
reference_id	CVE-2020-14302
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-14302

reference_url	https://access.redhat.com/errata/RHSA-2021:0967
reference_id	RHSA-2021:0967
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0967

reference_url	https://access.redhat.com/errata/RHSA-2021:0968
reference_id	RHSA-2021:0968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0968

reference_url	https://access.redhat.com/errata/RHSA-2021:0969
reference_id	RHSA-2021:0969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0969

reference_url	https://access.redhat.com/errata/RHSA-2021:0974
reference_id	RHSA-2021:0974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0974

fixed_packages

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-nhe2-8dtq-gqbf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

aliases CVE-2020-14302

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djwn-hkwg-g3gk

url

VCID-dxj3-8sk5-mfdy

vulnerability_id

VCID-dxj3-8sk5-mfdy

summary

Insufficient Session Expiration
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

references

reference_url

https://access.redhat.com/errata/RHSA-2022:8961

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8961

reference_url

https://access.redhat.com/errata/RHSA-2022:8962

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8962

reference_url

https://access.redhat.com/errata/RHSA-2022:8963

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8963

reference_url

https://access.redhat.com/errata/RHSA-2022:8964

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8964

reference_url

https://access.redhat.com/errata/RHSA-2022:8965

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8965

reference_url

https://access.redhat.com/errata/RHSA-2023:1043

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1043

reference_url

https://access.redhat.com/errata/RHSA-2023:1044

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1044

reference_url

https://access.redhat.com/errata/RHSA-2023:1045

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1045

reference_url

https://access.redhat.com/errata/RHSA-2023:1047

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1047

reference_url

https://access.redhat.com/errata/RHSA-2023:1049

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1049

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3916

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45477
published_at	2026-04-18T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45418
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45438
published_at	2026-04-04T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45382
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45437
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45458
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45428
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-13T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45481
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3916

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2141404

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2141404

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url

https://access.redhat.com/security/cve/CVE-2022-3916

reference_id

CVE-2022-3916

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/security/cve/CVE-2022-3916

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3916

reference_id

CVE-2022-3916

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3916

reference_url

https://github.com/advisories/GHSA-97g8-xfvw-q4hg

reference_id

GHSA-97g8-xfvw-q4hg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-97g8-xfvw-q4hg

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg

reference_id

GHSA-97g8-xfvw-q4hg

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg

fixed_packages

aliases

CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-dxj3-8sk5-mfdy

url VCID-e9qa-sy57-fqby

vulnerability_id VCID-e9qa-sy57-fqby

summary

Temporary Directory Hijacking Vulnerability in Keycloak
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20202

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.13871
published_at	2026-04-18T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13879
published_at	2026-04-16T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13984
published_at	2026-04-13T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13999
published_at	2026-04-07T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14128
published_at	2026-04-02T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14184
published_at	2026-04-04T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14081
published_at	2026-04-08T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14036
published_at	2026-04-12T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14078
published_at	2026-04-11T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14047
published_at	2026-04-01T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14134
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20202

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1922128

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1922128

reference_url

https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j

reference_url

https://issues.redhat.com/browse/KEYCLOAK-17000

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-17000

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20202

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20202

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

https://security.archlinux.org/AVG-1926

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1926

reference_url

https://github.com/advisories/GHSA-6xp6-fmc8-pmmr

reference_id

GHSA-6xp6-fmc8-pmmr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6xp6-fmc8-pmmr

fixed_packages

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-nhe2-8dtq-gqbf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

aliases CVE-2021-20202, GHSA-6xp6-fmc8-pmmr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9qa-sy57-fqby

url VCID-f8mj-85vd-2yh5

vulnerability_id VCID-f8mj-85vd-2yh5

summary

Allocation of Resources Without Limits or Throttling
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10758

reference_id

reference_type

scores

value	0.00529
scoring_system	epss
scoring_elements	0.67253
published_at	2026-04-18T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67194
published_at	2026-04-04T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67221
published_at	2026-04-08T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67234
published_at	2026-04-09T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67254
published_at	2026-04-11T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.6724
published_at	2026-04-12T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67207
published_at	2026-04-13T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67241
published_at	2026-04-16T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67133
published_at	2026-04-01T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.6717
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10758

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1843849

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1843849

reference_url

https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10758

reference_id

CVE-2020-10758

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10758

reference_url

https://github.com/advisories/GHSA-52rg-hpwq-qp56

reference_id

GHSA-52rg-hpwq-qp56

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-52rg-hpwq-qp56

reference_url	https://access.redhat.com/errata/RHSA-2020:3495
reference_id	RHSA-2020:3495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3495

reference_url	https://access.redhat.com/errata/RHSA-2020:3496
reference_id	RHSA-2020:3496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3496

reference_url	https://access.redhat.com/errata/RHSA-2020:3497
reference_id	RHSA-2020:3497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3497

fixed_packages

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@11.0.1

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@11.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@11.0.1

aliases CVE-2020-10758, GHSA-52rg-hpwq-qp56

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f8mj-85vd-2yh5

url

VCID-nhe2-8dtq-gqbf

vulnerability_id

VCID-nhe2-8dtq-gqbf

summary

URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:7854

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7854

reference_url

https://access.redhat.com/errata/RHSA-2023:7855

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7855

reference_url

https://access.redhat.com/errata/RHSA-2023:7856

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7856

reference_url

https://access.redhat.com/errata/RHSA-2023:7857

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7857

reference_url

https://access.redhat.com/errata/RHSA-2023:7858

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7858

reference_url

https://access.redhat.com/errata/RHSA-2023:7860

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7860

reference_url

https://access.redhat.com/errata/RHSA-2023:7861

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7861

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6291

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39708
published_at	2026-04-18T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39721
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39743
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39661
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39715
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3973
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39739
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39703
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39687
published_at	2026-04-13T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39737
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6291

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2251407

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2251407

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id	cpe:/a:redhat:build_keycloak:22
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id	cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id	cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id	cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id	cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id	cpe:/a:redhat:serverless:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1

reference_url

https://access.redhat.com/security/cve/CVE-2023-6291

reference_id

CVE-2023-6291

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/security/cve/CVE-2023-6291

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

reference_id

CVE-2023-6291

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

reference_url

https://github.com/advisories/GHSA-mpwq-j3xf-7m5w

reference_id

GHSA-mpwq-j3xf-7m5w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mpwq-j3xf-7m5w

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w

reference_id

GHSA-mpwq-j3xf-7m5w

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w

fixed_packages

aliases

CVE-2023-6291, GHSA-mpwq-j3xf-7m5w

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe2-8dtq-gqbf

url VCID-sk6p-vfu6-7kem

vulnerability_id VCID-sk6p-vfu6-7kem

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10776

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50621
published_at	2026-04-18T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50518
published_at	2026-04-07T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50573
published_at	2026-04-08T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.5057
published_at	2026-04-09T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50612
published_at	2026-04-11T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50589
published_at	2026-04-12T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50574
published_at	2026-04-13T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50616
published_at	2026-04-16T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50481
published_at	2026-04-01T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50537
published_at	2026-04-02T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50565
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10776

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1847428

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1847428

reference_url

https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10776

reference_id

CVE-2020-10776

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10776

reference_url

https://github.com/advisories/GHSA-484q-784p-8m5h

reference_id

GHSA-484q-784p-8m5h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-484q-784p-8m5h

reference_url	https://access.redhat.com/errata/RHSA-2020:4929
reference_id	RHSA-2020:4929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4929

reference_url	https://access.redhat.com/errata/RHSA-2020:4930
reference_id	RHSA-2020:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4930

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4932
reference_id	RHSA-2020:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4932

fixed_packages

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@12.0.0

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-d1ua-u2v7-jqf8

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-u5ba-kpd5-67bm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@12.0.0

aliases CVE-2020-10776, GHSA-484q-784p-8m5h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sk6p-vfu6-7kem

url VCID-th5p-51pd-3ffg

vulnerability_id VCID-th5p-51pd-3ffg

summary

Improper privilege management in Keycloak
A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

reference_url

https://access.redhat.com/security/cve/cve-2020-14389

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2020-14389

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14389

reference_id

reference_type

scores

value	0.00148
scoring_system	epss
scoring_elements	0.35326
published_at	2026-04-18T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35321
published_at	2026-04-12T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35299
published_at	2026-04-13T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35337
published_at	2026-04-16T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35177
published_at	2026-04-01T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35378
published_at	2026-04-02T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35403
published_at	2026-04-04T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35285
published_at	2026-04-07T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35331
published_at	2026-04-08T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35356
published_at	2026-04-09T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35358
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14389

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14389

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14389

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1875843
reference_id	1875843
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1875843

reference_url

https://github.com/advisories/GHSA-c9x9-xv66-xp3v

reference_id

GHSA-c9x9-xv66-xp3v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c9x9-xv66-xp3v

reference_url	https://access.redhat.com/errata/RHSA-2020:4929
reference_id	RHSA-2020:4929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4929

reference_url	https://access.redhat.com/errata/RHSA-2020:4930
reference_id	RHSA-2020:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4930

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4932
reference_id	RHSA-2020:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4932

fixed_packages

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@12.0.0

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3248-31p8-tyd4

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-6s4w-hv7a-ffaw

vulnerability	VCID-d1ua-u2v7-jqf8

vulnerability	VCID-djwn-hkwg-g3gk

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-u5ba-kpd5-67bm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@12.0.0

aliases CVE-2020-14389, GHSA-c9x9-xv66-xp3v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-th5p-51pd-3ffg

url VCID-u5ba-kpd5-67bm

vulnerability_id VCID-u5ba-kpd5-67bm

summary

Keycloak discloses information without authentication
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-27838

reference_id

reference_type

scores

value	0.85144
scoring_system	epss
scoring_elements	0.9936
published_at	2026-04-18T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99357
published_at	2026-04-13T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99356
published_at	2026-04-11T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99355
published_at	2026-04-09T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99354
published_at	2026-04-08T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99349
published_at	2026-04-02T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99353
published_at	2026-04-07T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99352
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-27838

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

reference_url

https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

reference_url

https://github.com/keycloak/keycloak/pull/7790

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7790

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-27838

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-27838

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

https://security.archlinux.org/AVG-1926

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1926

reference_url

https://github.com/advisories/GHSA-pcv5-m2wh-66j3

reference_id

GHSA-pcv5-m2wh-66j3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pcv5-m2wh-66j3

fixed_packages

url pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

purl pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-nhe2-8dtq-gqbf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@13.0.0

aliases CVE-2020-27838, GHSA-pcv5-m2wh-66j3

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5ba-kpd5-67bm

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-wildfly-server-subsystem@9.0.0

Package Instance