Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-server-spi-private@7.0.0

Type maven

Namespace org.keycloak

Name keycloak-server-spi-private

Version 7.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 26.5.6

Latest_non_vulnerable_version 26.5.6

Affected_by_vulnerabilities

url VCID-3kg4-uvgq-5khf

vulnerability_id VCID-3kg4-uvgq-5khf

summary

Server-Side Request Forgery (SSRF)
A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

references

reference_url

http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10770

reference_id

reference_type

scores

value	0.92282
scoring_system	epss
scoring_elements	0.99734
published_at	2026-06-05T12:55:00Z

value	0.92282
scoring_system	epss
scoring_elements	0.99735
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10770

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1846270

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1846270

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url	https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2

reference_url

https://github.com/keycloak/keycloak-documentation/pull/1086

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-documentation/pull/1086

reference_url

https://github.com/keycloak/keycloak/pull/7714

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7714

reference_url

https://issues.redhat.com/browse/KEYCLOAK-14019

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-14019

reference_url

https://issues.redhat.com/browse/KEYCLOAK-3426

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-3426

reference_url

https://security.archlinux.org/AVG-1577

reference_id

AVG-1577

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1577

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py
reference_id	CVE-2020-10770
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10770

reference_id

CVE-2020-10770

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10770

reference_url

https://github.com/advisories/GHSA-jh7q-5mwf-qvhw

reference_id

GHSA-jh7q-5mwf-qvhw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jh7q-5mwf-qvhw

reference_url	https://access.redhat.com/errata/RHSA-2021:0318
reference_id	RHSA-2021:0318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0318

reference_url	https://access.redhat.com/errata/RHSA-2021:0319
reference_id	RHSA-2021:0319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0319

reference_url	https://access.redhat.com/errata/RHSA-2021:0320
reference_id	RHSA-2021:0320
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0320

reference_url	https://access.redhat.com/errata/RHSA-2021:0327
reference_id	RHSA-2021:0327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0327

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.2

purl pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-kf26-bvty-a3g9

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.2

aliases CVE-2020-10770, GHSA-jh7q-5mwf-qvhw

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kg4-uvgq-5khf

url VCID-azxv-y5rj-vkg9

vulnerability_id VCID-azxv-y5rj-vkg9

summary

Insufficient Session Expiration
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

references

reference_url

https://access.redhat.com/errata/RHSA-2022:8961

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8961

reference_url

https://access.redhat.com/errata/RHSA-2022:8962

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8962

reference_url

https://access.redhat.com/errata/RHSA-2022:8963

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8963

reference_url

https://access.redhat.com/errata/RHSA-2022:8964

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8964

reference_url

https://access.redhat.com/errata/RHSA-2022:8965

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8965

reference_url

https://access.redhat.com/errata/RHSA-2023:1043

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1043

reference_url

https://access.redhat.com/errata/RHSA-2023:1044

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1044

reference_url

https://access.redhat.com/errata/RHSA-2023:1045

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1045

reference_url

https://access.redhat.com/errata/RHSA-2023:1047

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1047

reference_url

https://access.redhat.com/errata/RHSA-2023:1049

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1049

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3916

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45539
published_at	2026-06-05T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4547
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3916

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2141404

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2141404

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url

https://access.redhat.com/security/cve/CVE-2022-3916

reference_id

CVE-2022-3916

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/security/cve/CVE-2022-3916

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3916

reference_id

CVE-2022-3916

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3916

reference_url	https://github.com/advisories/GHSA-97g8-xfvw-q4hg
reference_id	GHSA-97g8-xfvw-q4hg
reference_type
scores
url	https://github.com/advisories/GHSA-97g8-xfvw-q4hg

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg

reference_id

GHSA-97g8-xfvw-q4hg

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@20.0.2

purl pkg:maven/org.keycloak/keycloak-server-spi-private@20.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-kf26-bvty-a3g9

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@20.0.2

aliases CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azxv-y5rj-vkg9

url VCID-dc8s-fqv5-1uhk

vulnerability_id VCID-dc8s-fqv5-1uhk

summary

Improper Privilege Management
It was found that Keycloak would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14389

reference_id

reference_type

scores

value	0.00148
scoring_system	epss
scoring_elements	0.3499
published_at	2026-06-04T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35086
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14389

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1875843
reference_id	1875843
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1875843

reference_url

https://access.redhat.com/security/cve/cve-2020-14389

reference_id

CVE-2020-14389

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2020-14389

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14389

reference_id

CVE-2020-14389

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14389

reference_url	https://access.redhat.com/errata/RHSA-2020:4929
reference_id	RHSA-2020:4929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4929

reference_url	https://access.redhat.com/errata/RHSA-2020:4930
reference_id	RHSA-2020:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4930

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4932
reference_id	RHSA-2020:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4932

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-kf26-bvty-a3g9

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-pu4g-rbu2-nbdb

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

aliases CVE-2020-14389, GHSA-c9x9-xv66-xp3v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc8s-fqv5-1uhk

url VCID-gr2e-ntp4-9fdg

vulnerability_id VCID-gr2e-ntp4-9fdg

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1725

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.29814
published_at	2026-06-05T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29746
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1725

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1765129

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1765129

reference_url

https://issues.redhat.com/browse/KEYCLOAK-16550

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-16550

reference_url

https://security.archlinux.org/AVG-1332

reference_id

AVG-1332

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1332

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1725

reference_id

CVE-2020-1725

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1725

reference_url

https://github.com/advisories/GHSA-p225-pc2x-4jpm

reference_id

GHSA-p225-pc2x-4jpm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p225-pc2x-4jpm

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-kf26-bvty-a3g9

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

aliases CVE-2020-1725, GHSA-p225-pc2x-4jpm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2e-ntp4-9fdg

url VCID-hjue-s41w-bye9

vulnerability_id VCID-hjue-s41w-bye9

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14302

reference_id

reference_type

scores

value	0.00154
scoring_system	epss
scoring_elements	0.35824
published_at	2026-06-04T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3592
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14302

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1849584
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1849584

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

https://security.archlinux.org/AVG-1926

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1926

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-14302
reference_id	CVE-2020-14302
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-14302

reference_url	https://access.redhat.com/errata/RHSA-2021:0967
reference_id	RHSA-2021:0967
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0967

reference_url	https://access.redhat.com/errata/RHSA-2021:0968
reference_id	RHSA-2021:0968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0968

reference_url	https://access.redhat.com/errata/RHSA-2021:0969
reference_id	RHSA-2021:0969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0969

reference_url	https://access.redhat.com/errata/RHSA-2021:0974
reference_id	RHSA-2021:0974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0974

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-kf26-bvty-a3g9

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

aliases CVE-2020-14302

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjue-s41w-bye9

url VCID-jue7-bmnv-hqcy

vulnerability_id VCID-jue7-bmnv-hqcy

summary

Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes
A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.

references

reference_url

https://access.redhat.com/errata/RHSA-2026:2365

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://access.redhat.com/errata/RHSA-2026:2365

reference_url

https://access.redhat.com/errata/RHSA-2026:2366

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://access.redhat.com/errata/RHSA-2026:2366

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0871.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0871.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0871

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01658
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0871

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2428881

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2428881

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/9d0f679ecea405958f167fcd0f4a6db6ae32c3fa

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/9d0f679ecea405958f167fcd0f4a6db6ae32c3fa

reference_url

https://github.com/keycloak/keycloak/issues/45873

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/45873

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id	cpe:/a:redhat:jbosseapxp
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7

reference_url

https://access.redhat.com/security/cve/CVE-2026-0871

reference_id

CVE-2026-0871

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://access.redhat.com/security/cve/CVE-2026-0871

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-0871

reference_id

CVE-2026-0871

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-0871

reference_url

https://github.com/advisories/GHSA-v4jw-m6rm-399h

reference_id

GHSA-v4jw-m6rm-399h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v4jw-m6rm-399h

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2

purl pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2

aliases CVE-2026-0871, GHSA-v4jw-m6rm-399h

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jue7-bmnv-hqcy

url VCID-kf26-bvty-a3g9

vulnerability_id VCID-kf26-bvty-a3g9

summary

Client Spoofing within the Keycloak Device Authorisation Grant
Under certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a device_code to retrieve an access token for other OAuth clients.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:3883

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:3883

reference_url

https://access.redhat.com/errata/RHSA-2023:3884

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:3884

reference_url

https://access.redhat.com/errata/RHSA-2023:3885

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:3885

reference_url

https://access.redhat.com/errata/RHSA-2023:3888

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:3888

reference_url

https://access.redhat.com/errata/RHSA-2023:3892

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:3892

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json

reference_url

https://access.redhat.com/security/cve/CVE-2023-2585

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2023-2585

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2585

reference_id

reference_type

scores

value	0.00112
scoring_system	epss
scoring_elements	0.29453
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2585

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-2585

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-2585

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2196335

reference_id

2196335

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2196335

reference_url	https://github.com/advisories/GHSA-f5h4-wmp5-xhg6
reference_id	GHSA-f5h4-wmp5-xhg6
reference_type
scores
url	https://github.com/advisories/GHSA-f5h4-wmp5-xhg6

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6

reference_id

GHSA-f5h4-wmp5-xhg6

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@21.1.2

purl pkg:maven/org.keycloak/keycloak-server-spi-private@21.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@21.1.2

aliases CVE-2023-2585, GHSA-f5h4-wmp5-xhg6

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kf26-bvty-a3g9

url VCID-pq67-ngsq-cbe4

vulnerability_id VCID-pq67-ngsq-cbe4

summary keycloak: Keycloak: Information Disclosure via improper role enforcement in UMA 2.0 Protection API

references

reference_url

https://access.redhat.com/errata/RHSA-2026:6477

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2026:6477

reference_url

https://access.redhat.com/errata/RHSA-2026:6478

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2026:6478

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json

reference_url

https://access.redhat.com/security/cve/CVE-2026-3190

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/

url

https://access.redhat.com/security/cve/CVE-2026-3190

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3190

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02142
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3190

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694

reference_url

https://github.com/keycloak/keycloak/issues/46723

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/46723

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-3190

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-3190

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2442572

reference_id

2442572

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2442572

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id	cpe:/a:redhat:build_keycloak:
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:

reference_url	https://github.com/advisories/GHSA-q35r-vvhv-vx5h
reference_id	GHSA-q35r-vvhv-vx5h
reference_type
scores
url	https://github.com/advisories/GHSA-q35r-vvhv-vx5h

fixed_packages

url	pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.6
purl	pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.6

aliases CVE-2026-3190, GHSA-q35r-vvhv-vx5h

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pq67-ngsq-cbe4

url VCID-uxs4-bydz-tbh4

vulnerability_id VCID-uxs4-bydz-tbh4

summary keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider

references

reference_url

https://access.redhat.com/errata/RHSA-2026:3925

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3925

reference_url

https://access.redhat.com/errata/RHSA-2026:3926

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3926

reference_url

https://access.redhat.com/errata/RHSA-2026:3947

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3947

reference_url

https://access.redhat.com/errata/RHSA-2026:3948

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3948

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json

reference_url

https://access.redhat.com/security/cve/CVE-2026-2603

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/security/cve/CVE-2026-2603

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2603

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45459
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2603

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a

reference_url

https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132

reference_url

https://github.com/keycloak/keycloak/commits/26.5.5

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commits/26.5.5

reference_url

https://github.com/keycloak/keycloak/issues/46911

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/46911

reference_url

https://github.com/keycloak/keycloak/pull/46932

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/46932

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2603

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2603

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2440300

reference_id

2440300

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2440300

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id	cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url	https://github.com/advisories/GHSA-x4p7-7chp-64hq
reference_id	GHSA-x4p7-7chp-64hq
reference_type
scores
url	https://github.com/advisories/GHSA-x4p7-7chp-64hq

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.5

purl pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pq67-ngsq-cbe4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.5

aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxs4-bydz-tbh4

url VCID-wt2c-cyu2-kbgm

vulnerability_id VCID-wt2c-cyu2-kbgm

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-27838

reference_id

reference_type

scores

value	0.85144
scoring_system	epss
scoring_elements	0.99373
published_at	2026-06-05T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99371
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-27838

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

reference_url

https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

reference_url

https://github.com/keycloak/keycloak/pull/7790

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7790

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

https://security.archlinux.org/AVG-1926

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1926

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-27838

reference_id

CVE-2020-27838

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-27838

reference_url

https://github.com/advisories/GHSA-pcv5-m2wh-66j3

reference_id

GHSA-pcv5-m2wh-66j3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pcv5-m2wh-66j3

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-kf26-bvty-a3g9

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@13.0.0

aliases CVE-2020-27838, GHSA-pcv5-m2wh-66j3

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wt2c-cyu2-kbgm

url VCID-wuh8-4akm-2uae

vulnerability_id VCID-wuh8-4akm-2uae

summary

Cross-site Scripting
In Keycloak, links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1697

reference_id

reference_type

scores

value	0.00283
scoring_system	epss
scoring_elements	0.5198
published_at	2026-06-05T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.5192
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1697

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1791538
reference_id	1791538
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1791538

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1697

reference_id

CVE-2020-1697

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1697

reference_url

https://github.com/advisories/GHSA-8vf3-4w62-m3pq

reference_id

GHSA-8vf3-4w62-m3pq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8vf3-4w62-m3pq

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-kf26-bvty-a3g9

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@9.0.0

aliases CVE-2020-1697, GHSA-8vf3-4w62-m3pq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuh8-4akm-2uae

url VCID-xbkp-kjgd-fqcx

vulnerability_id VCID-xbkp-kjgd-fqcx

summary

URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:7854

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7854

reference_url

https://access.redhat.com/errata/RHSA-2023:7855

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7855

reference_url

https://access.redhat.com/errata/RHSA-2023:7856

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7856

reference_url

https://access.redhat.com/errata/RHSA-2023:7857

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7857

reference_url

https://access.redhat.com/errata/RHSA-2023:7858

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7858

reference_url

https://access.redhat.com/errata/RHSA-2023:7860

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7860

reference_url

https://access.redhat.com/errata/RHSA-2023:7861

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7861

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6291

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39491
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6291

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2251407

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2251407

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id	cpe:/a:redhat:build_keycloak:22
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id	cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id	cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id	cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id	cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id	cpe:/a:redhat:serverless:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1

reference_url

https://access.redhat.com/security/cve/CVE-2023-6291

reference_id

CVE-2023-6291

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/security/cve/CVE-2023-6291

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

reference_id

CVE-2023-6291

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

reference_url	https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
reference_id	GHSA-mpwq-j3xf-7m5w
reference_type
scores
url	https://github.com/advisories/GHSA-mpwq-j3xf-7m5w

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w

reference_id

GHSA-mpwq-j3xf-7m5w

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@23.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@23.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@23.0.0

aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkp-kjgd-fqcx

url VCID-y9de-4w6u-abfa

vulnerability_id VCID-y9de-4w6u-abfa

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10776

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50801
published_at	2026-06-05T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50741
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10776

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1847428

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1847428

reference_url

https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10776

reference_id

CVE-2020-10776

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10776

reference_url

https://github.com/advisories/GHSA-484q-784p-8m5h

reference_id

GHSA-484q-784p-8m5h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-484q-784p-8m5h

reference_url	https://access.redhat.com/errata/RHSA-2020:4929
reference_id	RHSA-2020:4929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4929

reference_url	https://access.redhat.com/errata/RHSA-2020:4930
reference_id	RHSA-2020:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4930

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4932
reference_id	RHSA-2020:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4932

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

purl pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-jue7-bmnv-hqcy

vulnerability	VCID-kf26-bvty-a3g9

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-pu4g-rbu2-nbdb

vulnerability	VCID-uxs4-bydz-tbh4

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@12.0.0

aliases CVE-2020-10776, GHSA-484q-784p-8m5h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@7.0.0

Package Instance