Package Instance

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7976

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7976

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3513

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3513

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-xv7h-95r7-595j

reference_url

reference_id

GHSA-xv7h-95r7-595j

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xv7h-95r7-595j

reference_url	https://access.redhat.com/errata/RHSA-2021:3527
reference_id	RHSA-2021:3527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3527

reference_url	https://access.redhat.com/errata/RHSA-2021:3528
reference_id	RHSA-2021:3528
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3528

reference_url	https://access.redhat.com/errata/RHSA-2021:3529
reference_id	RHSA-2021:3529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3529

reference_url	https://access.redhat.com/errata/RHSA-2021:3534
reference_id	RHSA-2021:3534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3534

fixed_packages

url pkg:npm/keycloak-connect@13.0.0

purl pkg:npm/keycloak-connect@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-xq2v-4txb-sueu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@13.0.0

aliases CVE-2021-3513, GHSA-xv7h-95r7-595j

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14c3-xa9j-mbab

url VCID-3ued-3fnw-a7h7

vulnerability_id VCID-3ued-3fnw-a7h7

summary

Improper Certificate Validation
The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols (`http` or `ldap`) and hence the caller should verify the signature and possibly the certification path. Keycloak currently does not validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3875

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14521
published_at	2026-04-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14613
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14703
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14762
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14723
published_at	2026-04-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1463
published_at	2026-04-13T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14684
published_at	2026-04-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14735
published_at	2026-04-02T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14809
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3875

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875

reference_url	http://www.securityfocus.com/bid/108748
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/108748

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1690628
reference_id	1690628
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1690628

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3875

reference_id

CVE-2019-3875

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3875

reference_url

https://github.com/advisories/GHSA-38cg-gg9j-q9j9

reference_id

GHSA-38cg-gg9j-q9j9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-38cg-gg9j-q9j9

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2366
reference_id	RHSA-2020:2366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2366

fixed_packages

url pkg:npm/keycloak-connect@7.0.0

purl pkg:npm/keycloak-connect@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-4wpu-jga7-9fer

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-b9np-xrb9-g3fd

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-m1cv-61u2-y3ck

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-mumt-rvzk-w7d4

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sghy-8wey-5yg5

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-umcf-t6w5-juha

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

vulnerability	VCID-yzy7-9vf5-tfht

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0

aliases CVE-2019-3875, GHSA-38cg-gg9j-q9j9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ued-3fnw-a7h7

url VCID-4wpu-jga7-9fer

vulnerability_id VCID-4wpu-jga7-9fer

summary

Keycloak Unauthenticated Access
A flaw was found in the Keycloak REST API before version 8.0.0, implemented in Keycloak before 7.0.1 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14832.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14832.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14832

reference_id

reference_type

scores

value	0.00383
scoring_system	epss
scoring_elements	0.59663
published_at	2026-04-16T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59515
published_at	2026-04-01T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59588
published_at	2026-04-02T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59613
published_at	2026-04-04T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59582
published_at	2026-04-07T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59634
published_at	2026-04-08T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59647
published_at	2026-04-09T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.59667
published_at	2026-04-11T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.5965
published_at	2026-04-12T12:55:00Z

value	0.00383
scoring_system	epss
scoring_elements	0.5963
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14832

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14832

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14832

reference_url

https://github.com/keycloak/keycloak/commit/0b73685ccf3181115ae3936a578708630215ac23

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/0b73685ccf3181115ae3936a578708630215ac23

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14832

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14832

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1749487
reference_id	1749487
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1749487

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak::::::::
reference_id	cpe:2.3:a:redhat:keycloak::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak::::::::

reference_url

https://github.com/advisories/GHSA-8prc-58j4-m55q

reference_id

GHSA-8prc-58j4-m55q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8prc-58j4-m55q

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2366
reference_id	RHSA-2020:2366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2366

fixed_packages

url pkg:npm/keycloak-connect@8.0.0

purl pkg:npm/keycloak-connect@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0

aliases CVE-2019-14832, GHSA-8prc-58j4-m55q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4wpu-jga7-9fer

url

VCID-7j7q-m1zp-zfac

vulnerability_id

VCID-7j7q-m1zp-zfac

summary

Keycloak has lack of validation of access token on client registrations endpoint
When a service account with the create-client or manage-clients role can use the client-registration endpoints to create/manage clients with an access token.

If the access token is leaked, there is an option to revoke the specific token. However, the check is not performed in client-registration endpoints.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json

reference_url

https://access.redhat.com/security/cve/CVE-2023-0091

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:08:50Z/

url

https://access.redhat.com/security/cve/CVE-2023-0091

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0091

reference_id

reference_type

scores

value	0.00104
scoring_system	epss
scoring_elements	0.28325
published_at	2026-04-16T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28469
published_at	2026-04-02T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28511
published_at	2026-04-04T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28302
published_at	2026-04-07T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28367
published_at	2026-04-08T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28411
published_at	2026-04-09T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28414
published_at	2026-04-11T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28371
published_at	2026-04-12T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28313
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0091

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-0091

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0091

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2158585
reference_id	2158585
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2158585

reference_url

https://github.com/advisories/GHSA-v436-q368-hvgg

reference_id

GHSA-v436-q368-hvgg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v436-q368-hvgg

fixed_packages

aliases

CVE-2023-0091, GHSA-v436-q368-hvgg, GMS-2023-37

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-7j7q-m1zp-zfac

url VCID-96mj-gt5k-23ck

vulnerability_id VCID-96mj-gt5k-23ck

summary

Improper Input Validation and Cross-Site Request Forgery in Keycloak
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10199

reference_id

reference_type

scores

value	0.00095
scoring_system	epss
scoring_elements	0.26359
published_at	2026-04-16T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26549
published_at	2026-04-04T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26331
published_at	2026-04-07T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26398
published_at	2026-04-08T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26449
published_at	2026-04-09T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26456
published_at	2026-04-11T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.2641
published_at	2026-04-12T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26352
published_at	2026-04-13T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26454
published_at	2026-04-01T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26505
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10199

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10199

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10199

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1729261
reference_id	1729261
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1729261

reference_url

https://github.com/advisories/GHSA-p5xp-6vpf-jwvh

reference_id

GHSA-p5xp-6vpf-jwvh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p5xp-6vpf-jwvh

reference_url	https://access.redhat.com/errata/RHSA-2019:2483
reference_id	RHSA-2019:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2483

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2366
reference_id	RHSA-2020:2366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2366

fixed_packages

url pkg:npm/keycloak-connect@7.0.0

purl pkg:npm/keycloak-connect@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-4wpu-jga7-9fer

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-b9np-xrb9-g3fd

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-m1cv-61u2-y3ck

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-mumt-rvzk-w7d4

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sghy-8wey-5yg5

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-umcf-t6w5-juha

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

vulnerability	VCID-yzy7-9vf5-tfht

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0

aliases CVE-2019-10199, GHSA-p5xp-6vpf-jwvh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96mj-gt5k-23ck

url VCID-aps8-cw7n-57g3

vulnerability_id VCID-aps8-cw7n-57g3

summary

Loop with Unreachable Exit Condition (Infinite Loop)
When Keycloak receives a Logout request in the middle of the request, the `SAMLSloRequestParser.parse()` method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2646.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2646.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2646

reference_id

reference_type

scores

value	0.00503
scoring_system	epss
scoring_elements	0.66123
published_at	2026-04-16T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66083
published_at	2026-04-04T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.6605
published_at	2026-04-07T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66098
published_at	2026-04-08T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66111
published_at	2026-04-09T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.6613
published_at	2026-04-11T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66117
published_at	2026-04-12T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66088
published_at	2026-04-13T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66013
published_at	2026-04-01T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66055
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2646

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2646

reference_url	http://www.securityfocus.com/bid/96882
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/96882

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1431230
reference_id	1431230
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1431230

reference_url

reference_id

CVE-2017-2646

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2646

reference_url

https://github.com/advisories/GHSA-jc6q-27mw-p55w

reference_id

GHSA-jc6q-27mw-p55w

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jc6q-27mw-p55w

fixed_packages

url pkg:npm/keycloak-connect@2.5.5

purl pkg:npm/keycloak-connect@2.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-3ued-3fnw-a7h7

vulnerability	VCID-4wpu-jga7-9fer

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-96mj-gt5k-23ck

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-hgu6-1a6g-13bw

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-m1cv-61u2-y3ck

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-mumt-rvzk-w7d4

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-r8e5-wta1-gqc8

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sghy-8wey-5yg5

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-uafc-khnd-uyga

vulnerability	VCID-v4pf-q8hu-8kda

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

vulnerability	VCID-ysrd-zv5b-wfeg

vulnerability	VCID-yzy7-9vf5-tfht

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@2.5.5

aliases CVE-2017-2646, GHSA-jc6q-27mw-p55w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aps8-cw7n-57g3

url VCID-dxj3-8sk5-mfdy

vulnerability_id VCID-dxj3-8sk5-mfdy

summary

Insufficient Session Expiration
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

references

reference_url

https://access.redhat.com/errata/RHSA-2022:8961

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8961

reference_url

https://access.redhat.com/errata/RHSA-2022:8962

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8962

reference_url

https://access.redhat.com/errata/RHSA-2022:8963

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8963

reference_url

https://access.redhat.com/errata/RHSA-2022:8964

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8964

reference_url

https://access.redhat.com/errata/RHSA-2022:8965

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8965

reference_url

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

reference_url

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

reference_url

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

reference_url

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

reference_url

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json

reference_url

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3916

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45481
published_at	2026-04-16T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45418
published_at	2026-04-02T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45438
published_at	2026-04-04T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45382
published_at	2026-04-07T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45437
published_at	2026-04-09T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45458
published_at	2026-04-11T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45428
published_at	2026-04-12T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4543
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3916

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2141404

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2141404

reference_url

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2022-3916

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url

reference_id

CVE-2022-3916

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/security/cve/CVE-2022-3916

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3916

reference_id

CVE-2022-3916

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3916

reference_url

https://github.com/advisories/GHSA-97g8-xfvw-q4hg

reference_id

GHSA-97g8-xfvw-q4hg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-97g8-xfvw-q4hg

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg

reference_id

GHSA-97g8-xfvw-q4hg

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg

fixed_packages

url pkg:npm/keycloak-connect@20.0.2

purl pkg:npm/keycloak-connect@20.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-xq2v-4txb-sueu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@20.0.2

aliases CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxj3-8sk5-mfdy

url VCID-e9qa-sy57-fqby

vulnerability_id VCID-e9qa-sy57-fqby

summary

Temporary Directory Hijacking Vulnerability in Keycloak
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20202

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.13879
published_at	2026-04-16T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14047
published_at	2026-04-01T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14128
published_at	2026-04-02T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14184
published_at	2026-04-04T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13999
published_at	2026-04-07T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14081
published_at	2026-04-08T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14134
published_at	2026-04-09T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14078
published_at	2026-04-11T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14036
published_at	2026-04-12T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.13984
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20202

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1922128

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1922128

reference_url

https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j

reference_url

https://issues.redhat.com/browse/KEYCLOAK-17000

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-17000

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20202

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20202

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-6xp6-fmc8-pmmr

reference_url

reference_id

GHSA-6xp6-fmc8-pmmr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6xp6-fmc8-pmmr

fixed_packages

url pkg:npm/keycloak-connect@13.0.0

purl pkg:npm/keycloak-connect@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-xq2v-4txb-sueu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@13.0.0

aliases CVE-2021-20202, GHSA-6xp6-fmc8-pmmr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9qa-sy57-fqby

url

VCID-ebn8-cjqs-k3ad

vulnerability_id

VCID-ebn8-cjqs-k3ad

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.

references

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4137.json

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4137.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4137

reference_id

reference_type

scores

value	0.00529
scoring_system	epss
scoring_elements	0.67227
published_at	2026-04-16T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67158
published_at	2026-04-07T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67182
published_at	2026-04-04T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67207
published_at	2026-04-08T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.6722
published_at	2026-04-09T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.6724
published_at	2026-04-11T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67226
published_at	2026-04-12T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67192
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4137

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2148496

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2148496

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a

reference_url

https://github.com/keycloak/keycloak/pull/16774

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/16774

reference_url

https://access.redhat.com/security/cve/CVE-2022-4137

reference_id

CVE-2022-4137

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2022-4137

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-4137

reference_id

CVE-2022-4137

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4137

reference_url

https://github.com/advisories/GHSA-9hhc-pj4w-w5rv

reference_id

GHSA-9hhc-pj4w-w5rv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9hhc-pj4w-w5rv

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-9hhc-pj4w-w5rv

reference_id

GHSA-9hhc-pj4w-w5rv

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-9hhc-pj4w-w5rv

fixed_packages

aliases

CVE-2022-4137, GHSA-9hhc-pj4w-w5rv, GMS-2023-616

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ebn8-cjqs-k3ad

url VCID-engr-q4ge-53dc

vulnerability_id VCID-engr-q4ge-53dc

summary

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

references

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6134

reference_id

reference_type

scores

value	0.02468
scoring_system	epss
scoring_elements	0.85283
published_at	2026-04-16T12:55:00Z

value	0.02468
scoring_system	epss
scoring_elements	0.85203
published_at	2026-04-02T12:55:00Z

value	0.02468
scoring_system	epss
scoring_elements	0.85221
published_at	2026-04-04T12:55:00Z

value	0.02468
scoring_system	epss
scoring_elements	0.85224
published_at	2026-04-07T12:55:00Z

value	0.02468
scoring_system	epss
scoring_elements	0.85246
published_at	2026-04-08T12:55:00Z

value	0.02468
scoring_system	epss
scoring_elements	0.85254
published_at	2026-04-09T12:55:00Z

value	0.02468
scoring_system	epss
scoring_elements	0.85268
published_at	2026-04-11T12:55:00Z

value	0.02468
scoring_system	epss
scoring_elements	0.85266
published_at	2026-04-12T12:55:00Z

value	0.02468
scoring_system	epss
scoring_elements	0.85263
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6134

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2249673

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2249673

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20

reference_url

https://access.redhat.com/security/cve/CVE-2023-6134

reference_id

CVE-2023-6134

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2023-6134

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-6134

reference_id

CVE-2023-6134

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-6134

reference_url

https://github.com/advisories/GHSA-cvg2-7c3j-g36j

reference_id

GHSA-cvg2-7c3j-g36j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cvg2-7c3j-g36j

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j

reference_id

GHSA-cvg2-7c3j-g36j

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j

fixed_packages

url pkg:npm/keycloak-connect@23.0.0

purl pkg:npm/keycloak-connect@23.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzn6-bzzf-nugp

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@23.0.0

aliases CVE-2023-6134, GHSA-cvg2-7c3j-g36j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-engr-q4ge-53dc

url VCID-fknh-1j7d-jyeq

vulnerability_id VCID-fknh-1j7d-jyeq

summary

Improper authorization in Keycloak
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1466

reference_id

reference_type

scores

value	0.00158
scoring_system	epss
scoring_elements	0.36626
published_at	2026-04-16T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.3658
published_at	2026-04-13T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.3652
published_at	2026-04-01T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36723
published_at	2026-04-04T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36692
published_at	2026-04-02T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36604
published_at	2026-04-12T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36638
published_at	2026-04-11T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36632
published_at	2026-04-09T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36613
published_at	2026-04-08T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36561
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1466

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2050228

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2050228

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt

reference_url

https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-1466

reference_id

CVE-2022-1466

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-1466

reference_url

https://github.com/advisories/GHSA-f32v-vf79-p29q

reference_id

GHSA-f32v-vf79-p29q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f32v-vf79-p29q

reference_url	https://access.redhat.com/errata/RHSA-2022:0449
reference_id	RHSA-2022:0449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0449

fixed_packages

url pkg:npm/keycloak-connect@17.0.1

purl pkg:npm/keycloak-connect@17.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-xq2v-4txb-sueu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@17.0.1

aliases CVE-2022-1466, GHSA-f32v-vf79-p29q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fknh-1j7d-jyeq

url VCID-gjy5-c6by-2ufg

vulnerability_id VCID-gjy5-c6by-2ufg

summary

Improper Handling of Exceptional Conditions
A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1744

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56222
published_at	2026-04-09T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56225
published_at	2026-04-16T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56192
published_at	2026-04-13T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56186
published_at	2026-04-04T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56166
published_at	2026-04-07T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56217
published_at	2026-04-08T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56233
published_at	2026-04-11T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56056
published_at	2026-04-01T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56209
published_at	2026-04-12T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56165
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1744

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744

reference_url

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2020-1744

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1805792
reference_id	1805792
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1805792

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak::::::::
reference_id	cpe:2.3:a:redhat:keycloak::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak::::::::

reference_url

reference_id

CVE-2020-1744

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2020-1744

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1744

reference_id

CVE-2020-1744

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1744

reference_url

https://github.com/advisories/GHSA-4gf2-xv97-63m2

reference_id

GHSA-4gf2-xv97-63m2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4gf2-xv97-63m2

reference_url	https://access.redhat.com/errata/RHSA-2020:0945
reference_id	RHSA-2020:0945
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0945

reference_url	https://access.redhat.com/errata/RHSA-2020:0946
reference_id	RHSA-2020:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0946

reference_url	https://access.redhat.com/errata/RHSA-2020:0947
reference_id	RHSA-2020:0947
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0947

reference_url	https://access.redhat.com/errata/RHSA-2020:0951
reference_id	RHSA-2020:0951
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0951

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

fixed_packages

url pkg:npm/keycloak-connect@9.0.2

purl pkg:npm/keycloak-connect@9.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.2

aliases CVE-2020-1744, GHSA-4gf2-xv97-63m2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gjy5-c6by-2ufg

url

VCID-gp47-t3vm-57an

vulnerability_id

VCID-gp47-t3vm-57an

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.

references

reference_url

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/

url

reference_url

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/

url

reference_url

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/

url

reference_url

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/

url

reference_url

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1438.json

reference_url

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1438.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1438

reference_id

reference_type

scores

value	0.00166
scoring_system	epss
scoring_elements	0.37796
published_at	2026-04-16T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37645
published_at	2026-04-01T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37827
published_at	2026-04-02T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37853
published_at	2026-04-04T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37731
published_at	2026-04-07T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37781
published_at	2026-04-08T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37794
published_at	2026-04-09T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37808
published_at	2026-04-11T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37773
published_at	2026-04-12T12:55:00Z

value	0.00166
scoring_system	epss
scoring_elements	0.37748
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1438

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2031904

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2031904

reference_url

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045

reference_url

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url

https://access.redhat.com/security/cve/cve-2022-1438

reference_id

CVE-2022-1438

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2022-1438

reference_url

https://access.redhat.com/security/cve/CVE-2022-1438

reference_id

CVE-2022-1438

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/

url

https://access.redhat.com/security/cve/CVE-2022-1438

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-1438

reference_id

CVE-2022-1438

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-1438

reference_url

https://github.com/advisories/GHSA-w354-2f3c-qvg9

reference_id

GHSA-w354-2f3c-qvg9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w354-2f3c-qvg9

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9

reference_id

GHSA-w354-2f3c-qvg9

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9

fixed_packages

aliases

CVE-2022-1438, GHSA-w354-2f3c-qvg9, GMS-2023-529

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-gp47-t3vm-57an

url VCID-hgu6-1a6g-13bw

vulnerability_id VCID-hgu6-1a6g-13bw

summary The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14637

reference_id

reference_type

scores

value	0.00252
scoring_system	epss
scoring_elements	0.48575
published_at	2026-04-16T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48521
published_at	2026-04-08T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48517
published_at	2026-04-09T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48539
published_at	2026-04-11T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48512
published_at	2026-04-12T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48525
published_at	2026-04-13T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48455
published_at	2026-04-01T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48492
published_at	2026-04-02T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48514
published_at	2026-04-04T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48467
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14637

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637

reference_url	https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1627851
reference_id	1627851
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1627851

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14637

reference_id

CVE-2018-14637

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14637

reference_url

https://github.com/advisories/GHSA-gf2j-7qwg-4f5x

reference_id

GHSA-gf2j-7qwg-4f5x

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-gf2j-7qwg-4f5x

fixed_packages

url pkg:npm/keycloak-connect@4.6.0

purl pkg:npm/keycloak-connect@4.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-3ued-3fnw-a7h7

vulnerability	VCID-4wpu-jga7-9fer

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-96mj-gt5k-23ck

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-m1cv-61u2-y3ck

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-mumt-rvzk-w7d4

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-r8e5-wta1-gqc8

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sghy-8wey-5yg5

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-v4pf-q8hu-8kda

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

vulnerability	VCID-ysrd-zv5b-wfeg

vulnerability	VCID-yzy7-9vf5-tfht

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.6.0

aliases CVE-2018-14637, GHSA-gf2j-7qwg-4f5x

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgu6-1a6g-13bw

url

VCID-jzn6-bzzf-nugp

vulnerability_id

VCID-jzn6-bzzf-nugp

summary

Improper Validation of Integrity Check Value
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

references

reference_url

http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-48795

reference_id

reference_type

scores

value	0.5673
scoring_system	epss
scoring_elements	0.98124
published_at	2026-04-09T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98134
published_at	2026-04-16T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98129
published_at	2026-04-13T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98128
published_at	2026-04-12T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98114
published_at	2026-04-02T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98118
published_at	2026-04-04T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98119
published_at	2026-04-07T12:55:00Z

value	0.5673
scoring_system	epss
scoring_elements	0.98123
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-48795

reference_url

https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack

reference_url

https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

reference_url

https://bugs.gentoo.org/920280

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://bugs.gentoo.org/920280

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2254210

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2254210

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=1217950

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://bugzilla.suse.com/show_bug.cgi?id=1217950

reference_url

https://crates.io/crates/thrussh/versions

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://crates.io/crates/thrussh/versions

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918

reference_url

http://seclists.org/fulldisclosure/2024/Mar/21

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://seclists.org/fulldisclosure/2024/Mar/21

reference_url

https://filezilla-project.org/versions.php

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://filezilla-project.org/versions.php

reference_url

https://forum.netgate.com/topic/184941/terrapin-ssh-attack

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://forum.netgate.com/topic/184941/terrapin-ssh-attack

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/mina-sshd/issues/445

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/apache/mina-sshd/issues/445

reference_url

https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab

reference_url

https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22

reference_url

https://github.com/cyd01/KiTTY/issues/520

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/cyd01/KiTTY/issues/520

reference_url

https://github.com/drakkan/sftpgo/releases/tag/v2.5.6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/drakkan/sftpgo/releases/tag/v2.5.6

reference_url

https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42

reference_url

https://github.com/erlang/otp/releases/tag/OTP-26.2.1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/erlang/otp/releases/tag/OTP-26.2.1

reference_url

https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d

reference_url

https://github.com/hierynomus/sshj/issues/916

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/hierynomus/sshj/issues/916

reference_url

https://github.com/janmojzis/tinyssh/issues/81

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/janmojzis/tinyssh/issues/81

reference_url

https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5

reference_url

https://github.com/libssh2/libssh2/pull/1291

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/libssh2/libssh2/pull/1291

reference_url

https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25

reference_url

https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3

reference_url

https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15

reference_url

https://github.com/mwiede/jsch/issues/457

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/mwiede/jsch/issues/457

reference_url

https://github.com/mwiede/jsch/pull/461

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/mwiede/jsch/pull/461

reference_url

https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16

reference_url

https://github.com/NixOS/nixpkgs/pull/275249

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/NixOS/nixpkgs/pull/275249

reference_url

https://github.com/openssh/openssh-portable/commits/master

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/openssh/openssh-portable/commits/master

reference_url

https://github.com/paramiko/paramiko/issues/2337

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/paramiko/paramiko/issues/2337

reference_url

https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773

reference_url

https://github.com/PowerShell/Win32-OpenSSH/issues/2189

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/PowerShell/Win32-OpenSSH/issues/2189

reference_url

https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta

reference_url

https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES

reference_url

https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES

reference_url

https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES

reference_url

https://github.com/proftpd/proftpd/issues/456

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/proftpd/proftpd/issues/456

reference_url

https://github.com/rapier1/hpn-ssh/releases

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/rapier1/hpn-ssh/releases

reference_url

https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst

reference_url

https://github.com/ronf/asyncssh/tags

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/ronf/asyncssh/tags

reference_url

https://github.com/ssh-mitm/ssh-mitm/issues/165

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/ssh-mitm/ssh-mitm/issues/165

reference_url

https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0

reference_url

https://github.com/TeraTermProject/teraterm/releases/tag/v5.1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/TeraTermProject/teraterm/releases/tag/v5.1

reference_url

https://github.com/warp-tech/russh

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/warp-tech/russh

reference_url

https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951

reference_url

https://github.com/warp-tech/russh/releases/tag/v0.40.2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/warp-tech/russh/releases/tag/v0.40.2

reference_url

https://gitlab.com/libssh/libssh-mirror/-/tags

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://gitlab.com/libssh/libssh-mirror/-/tags

reference_url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6

reference_url

https://go.dev/cl/550715

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.dev/cl/550715

reference_url

https://go.dev/issue/64784

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://go.dev/issue/64784

reference_url

https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ

reference_url

https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg

reference_url

https://help.panic.com/releasenotes/transmit5

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://help.panic.com/releasenotes/transmit5

reference_url

https://help.panic.com/releasenotes/transmit5/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://help.panic.com/releasenotes/transmit5/

reference_url

https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795

reference_url

https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/

reference_url

https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html

reference_url

https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3

100

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC

101

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP

102

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG

103

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7

104

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM

105

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB

106

reference_url

https://matt.ucc.asn.au/dropbear/CHANGES

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://matt.ucc.asn.au/dropbear/CHANGES

107

reference_url

https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC

108

reference_url

https://news.ycombinator.com/item?id=38684904

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://news.ycombinator.com/item?id=38684904

109

reference_url

https://news.ycombinator.com/item?id=38685286

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://news.ycombinator.com/item?id=38685286

110

reference_url

https://news.ycombinator.com/item?id=38732005

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://news.ycombinator.com/item?id=38732005

111

reference_url

https://nova.app/releases/#v11.8

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://nova.app/releases/#v11.8

112

reference_url

https://oryx-embedded.com/download/#changelog

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://oryx-embedded.com/download/#changelog

113

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002

114

reference_url

https://roumenpetrov.info/secsh/#news20231220

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://roumenpetrov.info/secsh/#news20231220

115

reference_url

https://security.gentoo.org/glsa/202312-16

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security.gentoo.org/glsa/202312-16

116

reference_url

https://security.gentoo.org/glsa/202312-17

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security.gentoo.org/glsa/202312-17

117

reference_url

https://security.netapp.com/advisory/ntap-20240105-0004

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240105-0004

118

reference_url

https://security-tracker.debian.org/tracker/source-package/libssh2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security-tracker.debian.org/tracker/source-package/libssh2

119

reference_url

https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg

120

reference_url

https://security-tracker.debian.org/tracker/source-package/trilead-ssh2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security-tracker.debian.org/tracker/source-package/trilead-ssh2

121

reference_url

https://support.apple.com/kb/HT214084

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://support.apple.com/kb/HT214084

122

reference_url

https://twitter.com/TrueSkrillor/status/1736774389725565005

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://twitter.com/TrueSkrillor/status/1736774389725565005

123

reference_url

https://winscp.net/eng/docs/history#6.2.2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://winscp.net/eng/docs/history#6.2.2

124

reference_url

https://www.bitvise.com/ssh-client-version-history#933

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.bitvise.com/ssh-client-version-history#933

125

reference_url

https://www.bitvise.com/ssh-server-version-history

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.bitvise.com/ssh-server-version-history

126

reference_url

https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

127

reference_url

https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update

128

reference_url

https://www.debian.org/security/2023/dsa-5586

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.debian.org/security/2023/dsa-5586

129

reference_url

https://www.debian.org/security/2023/dsa-5588

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.debian.org/security/2023/dsa-5588

130

reference_url

https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

131

reference_url

https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508

132

reference_url

https://www.netsarang.com/en/xshell-update-history

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.netsarang.com/en/xshell-update-history

133

reference_url

https://www.netsarang.com/en/xshell-update-history/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.netsarang.com/en/xshell-update-history/

134

reference_url

https://www.openssh.com/openbsd.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.openssh.com/openbsd.html

135

reference_url

https://www.openssh.com/txt/release-9.6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.openssh.com/txt/release-9.6

136

reference_url

https://www.openwall.com/lists/oss-security/2023/12/18/2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.openwall.com/lists/oss-security/2023/12/18/2

137

reference_url

https://www.openwall.com/lists/oss-security/2023/12/20/3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.openwall.com/lists/oss-security/2023/12/20/3

138

reference_url

https://www.paramiko.org/changelog.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.paramiko.org/changelog.html

139

reference_url

https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed

140

reference_url

https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/

141

reference_url

https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795

142

reference_url

https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/

143

reference_url

https://www.terrapin-attack.com

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.terrapin-attack.com

144

reference_url

https://www.theregister.com/2023/12/20/terrapin_attack_ssh

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.theregister.com/2023/12/20/terrapin_attack_ssh

145

reference_url

https://www.vandyke.com/products/securecrt/history.txt

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://www.vandyke.com/products/securecrt/history.txt

146

reference_url

http://www.openwall.com/lists/oss-security/2023/12/18/3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://www.openwall.com/lists/oss-security/2023/12/18/3

147

reference_url

http://www.openwall.com/lists/oss-security/2023/12/19/5

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://www.openwall.com/lists/oss-security/2023/12/19/5

148

reference_url

http://www.openwall.com/lists/oss-security/2023/12/20/3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://www.openwall.com/lists/oss-security/2023/12/20/3

149

reference_url

http://www.openwall.com/lists/oss-security/2024/03/06/3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://www.openwall.com/lists/oss-security/2024/03/06/3

150

reference_url

http://www.openwall.com/lists/oss-security/2024/04/17/8

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

http://www.openwall.com/lists/oss-security/2024/04/17/8

151

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001
reference_id	1059001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001

152

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002
reference_id	1059002
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002

153

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003
reference_id	1059003
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003

154

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004
reference_id	1059004
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004

155

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005
reference_id	1059005
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005

156

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006
reference_id	1059006
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006

157

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007
reference_id	1059007
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007

158

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058
reference_id	1059058
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058

159

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144
reference_id	1059144
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144

160

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290
reference_id	1059290
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290

161

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294
reference_id	1059294
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294

162

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/

reference_id

33XHJUB6ROFUOH2OQNENFROTVH6MHSHA

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/

163

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/

reference_id

3CAYYW35MUTNO65RVAELICTNZZFMT2XS

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/

164

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/

reference_id

3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/

165

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/

reference_id

6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/

166

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/

reference_id

BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/

167

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/

reference_id

C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/

168

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/

reference_id

CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/

169

reference_url

https://access.redhat.com/security/cve/cve-2023-48795

reference_id

CVE-2023-48795

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://access.redhat.com/security/cve/cve-2023-48795

170

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-48795

reference_id

CVE-2023-48795

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-48795

171

reference_url

https://security-tracker.debian.org/tracker/CVE-2023-48795

reference_id

CVE-2023-48795

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security-tracker.debian.org/tracker/CVE-2023-48795

172

reference_url

https://ubuntu.com/security/CVE-2023-48795

reference_id

CVE-2023-48795

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://ubuntu.com/security/CVE-2023-48795

173

reference_url

https://thorntech.com/cve-2023-48795-and-sftp-gateway

reference_id

CVE-2023-48795-AND-SFTP-GATEWAY

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://thorntech.com/cve-2023-48795-and-sftp-gateway

174

reference_url

https://thorntech.com/cve-2023-48795-and-sftp-gateway/

reference_id

CVE-2023-48795-AND-SFTP-GATEWAY

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://thorntech.com/cve-2023-48795-and-sftp-gateway/

175

reference_url

https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit

reference_id

CVE-2023-48795-DETECT-OPENSSH-VULNERABILIT

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit

176

reference_url

https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability

reference_id

CVE-2023-48795-MITIGATE-OPENSSH-VULNERABILITY

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability

177

reference_url

https://github.com/advisories/GHSA-45x7-px36-x8w8

reference_id

GHSA-45x7-px36-x8w8

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://github.com/advisories/GHSA-45x7-px36-x8w8

178

reference_url

https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8

reference_id

GHSA-45x7-px36-x8w8

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8

179

reference_url	https://security.gentoo.org/glsa/202407-11
reference_id	GLSA-202407-11
reference_type
scores
url	https://security.gentoo.org/glsa/202407-11

180

reference_url	https://security.gentoo.org/glsa/202407-12
reference_id	GLSA-202407-12
reference_type
scores
url	https://security.gentoo.org/glsa/202407-12

181

reference_url	https://security.gentoo.org/glsa/202509-06
reference_id	GLSA-202509-06
reference_type
scores
url	https://security.gentoo.org/glsa/202509-06

182

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/

reference_id

HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/

183

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/

reference_id

I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/

184

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/

reference_id

KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/

185

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/

reference_id

L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/

186

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/

reference_id

LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/

187

reference_url

https://security.netapp.com/advisory/ntap-20240105-0004/

reference_id

ntap-20240105-0004

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/

url

https://security.netapp.com/advisory/ntap-20240105-0004/

188

reference_url	https://access.redhat.com/errata/RHSA-2023:7197
reference_id	RHSA-2023:7197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7197

189

reference_url	https://access.redhat.com/errata/RHSA-2023:7198
reference_id	RHSA-2023:7198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7198

190

reference_url	https://access.redhat.com/errata/RHSA-2023:7201
reference_id	RHSA-2023:7201
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7201

191

reference_url	https://access.redhat.com/errata/RHSA-2024:0040
reference_id	RHSA-2024:0040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0040

192

reference_url	https://access.redhat.com/errata/RHSA-2024:0429
reference_id	RHSA-2024:0429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0429

193

reference_url	https://access.redhat.com/errata/RHSA-2024:0455
reference_id	RHSA-2024:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0455

194

reference_url	https://access.redhat.com/errata/RHSA-2024:0499
reference_id	RHSA-2024:0499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0499

195

reference_url	https://access.redhat.com/errata/RHSA-2024:0538
reference_id	RHSA-2024:0538
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0538

196

reference_url	https://access.redhat.com/errata/RHSA-2024:0594
reference_id	RHSA-2024:0594
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0594

197

reference_url	https://access.redhat.com/errata/RHSA-2024:0606
reference_id	RHSA-2024:0606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0606

198

reference_url	https://access.redhat.com/errata/RHSA-2024:0625
reference_id	RHSA-2024:0625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0625

199

reference_url	https://access.redhat.com/errata/RHSA-2024:0628
reference_id	RHSA-2024:0628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0628

200

reference_url	https://access.redhat.com/errata/RHSA-2024:0766
reference_id	RHSA-2024:0766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0766

201

reference_url	https://access.redhat.com/errata/RHSA-2024:0789
reference_id	RHSA-2024:0789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0789

202

reference_url	https://access.redhat.com/errata/RHSA-2024:0843
reference_id	RHSA-2024:0843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0843

203

reference_url	https://access.redhat.com/errata/RHSA-2024:0880
reference_id	RHSA-2024:0880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0880

204

reference_url	https://access.redhat.com/errata/RHSA-2024:0954
reference_id	RHSA-2024:0954
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0954

205

reference_url	https://access.redhat.com/errata/RHSA-2024:1130
reference_id	RHSA-2024:1130
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1130

206

reference_url	https://access.redhat.com/errata/RHSA-2024:1150
reference_id	RHSA-2024:1150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1150

207

reference_url	https://access.redhat.com/errata/RHSA-2024:1192
reference_id	RHSA-2024:1192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1192

208

reference_url	https://access.redhat.com/errata/RHSA-2024:1193
reference_id	RHSA-2024:1193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1193

209

reference_url	https://access.redhat.com/errata/RHSA-2024:1196
reference_id	RHSA-2024:1196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1196

210

reference_url	https://access.redhat.com/errata/RHSA-2024:1197
reference_id	RHSA-2024:1197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1197

211

reference_url	https://access.redhat.com/errata/RHSA-2024:1210
reference_id	RHSA-2024:1210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1210

212

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

213

reference_url	https://access.redhat.com/errata/RHSA-2024:1557
reference_id	RHSA-2024:1557
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1557

214

reference_url	https://access.redhat.com/errata/RHSA-2024:1859
reference_id	RHSA-2024:1859
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1859

215

reference_url	https://access.redhat.com/errata/RHSA-2024:2728
reference_id	RHSA-2024:2728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2728

216

reference_url	https://access.redhat.com/errata/RHSA-2024:2735
reference_id	RHSA-2024:2735
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2735

217

reference_url	https://access.redhat.com/errata/RHSA-2024:2768
reference_id	RHSA-2024:2768
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2768

218

reference_url	https://access.redhat.com/errata/RHSA-2024:2988
reference_id	RHSA-2024:2988
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2988

219

reference_url	https://access.redhat.com/errata/RHSA-2024:3479
reference_id	RHSA-2024:3479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3479

220

reference_url	https://access.redhat.com/errata/RHSA-2024:3634
reference_id	RHSA-2024:3634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3634

221

reference_url	https://access.redhat.com/errata/RHSA-2024:3635
reference_id	RHSA-2024:3635
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3635

222

reference_url	https://access.redhat.com/errata/RHSA-2024:3636
reference_id	RHSA-2024:3636
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3636

223

reference_url	https://access.redhat.com/errata/RHSA-2024:3918
reference_id	RHSA-2024:3918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3918

224

reference_url	https://access.redhat.com/errata/RHSA-2024:4010
reference_id	RHSA-2024:4010
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4010

225

reference_url	https://access.redhat.com/errata/RHSA-2024:4151
reference_id	RHSA-2024:4151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4151

226

reference_url	https://access.redhat.com/errata/RHSA-2024:4329
reference_id	RHSA-2024:4329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4329

227

reference_url	https://access.redhat.com/errata/RHSA-2024:4479
reference_id	RHSA-2024:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4479

228

reference_url	https://access.redhat.com/errata/RHSA-2024:4484
reference_id	RHSA-2024:4484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4484

229

reference_url	https://access.redhat.com/errata/RHSA-2024:4597
reference_id	RHSA-2024:4597
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4597

230

reference_url	https://access.redhat.com/errata/RHSA-2024:4662
reference_id	RHSA-2024:4662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4662

231

reference_url	https://access.redhat.com/errata/RHSA-2024:4955
reference_id	RHSA-2024:4955
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4955

232

reference_url	https://access.redhat.com/errata/RHSA-2024:4959
reference_id	RHSA-2024:4959
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4959

233

reference_url	https://access.redhat.com/errata/RHSA-2024:5200
reference_id	RHSA-2024:5200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5200

234

reference_url	https://access.redhat.com/errata/RHSA-2024:5432
reference_id	RHSA-2024:5432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5432

235

reference_url	https://access.redhat.com/errata/RHSA-2024:5433
reference_id	RHSA-2024:5433
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5433

236

reference_url	https://access.redhat.com/errata/RHSA-2024:5438
reference_id	RHSA-2024:5438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5438

237

reference_url	https://access.redhat.com/errata/RHSA-2024:8235
reference_id	RHSA-2024:8235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8235

238

reference_url	https://access.redhat.com/errata/RHSA-2025:4664
reference_id	RHSA-2025:4664
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4664

239

reference_url	https://usn.ubuntu.com/6560-1/
reference_id	USN-6560-1
reference_type
scores
url	https://usn.ubuntu.com/6560-1/

240

reference_url	https://usn.ubuntu.com/6560-2/
reference_id	USN-6560-2
reference_type
scores
url	https://usn.ubuntu.com/6560-2/

241

reference_url	https://usn.ubuntu.com/6561-1/
reference_id	USN-6561-1
reference_type
scores
url	https://usn.ubuntu.com/6561-1/

242

reference_url	https://usn.ubuntu.com/6585-1/
reference_id	USN-6585-1
reference_type
scores
url	https://usn.ubuntu.com/6585-1/

243

reference_url	https://usn.ubuntu.com/6589-1/
reference_id	USN-6589-1
reference_type
scores
url	https://usn.ubuntu.com/6589-1/

244

reference_url	https://usn.ubuntu.com/6598-1/
reference_id	USN-6598-1
reference_type
scores
url	https://usn.ubuntu.com/6598-1/

245

reference_url	https://usn.ubuntu.com/6738-1/
reference_id	USN-6738-1
reference_type
scores
url	https://usn.ubuntu.com/6738-1/

246

reference_url	https://usn.ubuntu.com/7051-1/
reference_id	USN-7051-1
reference_type
scores
url	https://usn.ubuntu.com/7051-1/

247

reference_url	https://usn.ubuntu.com/7292-1/
reference_id	USN-7292-1
reference_type
scores
url	https://usn.ubuntu.com/7292-1/

248

reference_url	https://usn.ubuntu.com/7297-1/
reference_id	USN-7297-1
reference_type
scores
url	https://usn.ubuntu.com/7297-1/

fixed_packages

aliases

CVE-2023-48795, GHSA-45x7-px36-x8w8

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-jzn6-bzzf-nugp

url VCID-kzc8-pgz7-6bep

vulnerability_id VCID-kzc8-pgz7-6bep

summary

Keycloak Insufficient Session Expiry
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1724

reference_id

reference_type

scores

value	0.00136
scoring_system	epss
scoring_elements	0.33377
published_at	2026-04-16T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33342
published_at	2026-04-13T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33365
published_at	2026-04-12T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33369
published_at	2026-04-08T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33323
published_at	2026-04-07T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33403
published_at	2026-04-09T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33314
published_at	2026-04-01T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33451
published_at	2026-04-02T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33406
published_at	2026-04-11T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33482
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1724

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1724

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1724

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1800527
reference_id	1800527
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1800527

reference_url

https://github.com/advisories/GHSA-8xj2-47xw-q78c

reference_id

GHSA-8xj2-47xw-q78c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8xj2-47xw-q78c

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

fixed_packages

url pkg:npm/keycloak-connect@9.0.2

purl pkg:npm/keycloak-connect@9.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.2

aliases CVE-2020-1724, GHSA-8xj2-47xw-q78c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzc8-pgz7-6bep

url VCID-m1cv-61u2-y3ck

vulnerability_id VCID-m1cv-61u2-y3ck

summary

Keycloak code execution via UMA policy abuse
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10169.json

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10169.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10169

reference_id

reference_type

scores

value	0.00608
scoring_system	epss
scoring_elements	0.69731
published_at	2026-04-16T12:55:00Z

value	0.00608
scoring_system	epss
scoring_elements	0.69623
published_at	2026-04-01T12:55:00Z

value	0.00608
scoring_system	epss
scoring_elements	0.69635
published_at	2026-04-02T12:55:00Z

value	0.00608
scoring_system	epss
scoring_elements	0.69651
published_at	2026-04-04T12:55:00Z

value	0.00608
scoring_system	epss
scoring_elements	0.69629
published_at	2026-04-07T12:55:00Z

value	0.00608
scoring_system	epss
scoring_elements	0.6968
published_at	2026-04-08T12:55:00Z

value	0.00608
scoring_system	epss
scoring_elements	0.69697
published_at	2026-04-09T12:55:00Z

value	0.00608
scoring_system	epss
scoring_elements	0.69719
published_at	2026-04-11T12:55:00Z

value	0.00608
scoring_system	epss
scoring_elements	0.69705
published_at	2026-04-12T12:55:00Z

value	0.00608
scoring_system	epss
scoring_elements	0.69692
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10169

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10169

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10169

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10169

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10169

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-568797

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-568797

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1721302
reference_id	1721302
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1721302

reference_url

https://github.com/advisories/GHSA-9c24-43p5-fv82

reference_id

GHSA-9c24-43p5-fv82

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9c24-43p5-fv82

fixed_packages

url pkg:npm/keycloak-connect@8.0.0

purl pkg:npm/keycloak-connect@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0

aliases CVE-2019-10169, GHSA-9c24-43p5-fv82

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m1cv-61u2-y3ck

url VCID-mqgm-ezmw-h7ev

vulnerability_id VCID-mqgm-ezmw-h7ev

summary

keycloak-connect contains Open redirect vulnerability in the Node.js adapter
There is an Open Redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using `checkSSO` with query param `prompt=none`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2237.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2237.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2237

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.50776
published_at	2026-04-13T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50792
published_at	2026-04-12T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50815
published_at	2026-04-16T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50775
published_at	2026-04-08T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50772
published_at	2026-04-09T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.5072
published_at	2026-04-07T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.5098
published_at	2026-04-04T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50955
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2237

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2097007

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:14:56Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2097007

reference_url

https://github.com/keycloak/keycloak-nodejs-connect

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-nodejs-connect

reference_url

https://github.com/keycloak/keycloak-nodejs-connect/commit/190a9470e234bbd9ac5d5de43f5a19aead9a2c21

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-nodejs-connect/commit/190a9470e234bbd9ac5d5de43f5a19aead9a2c21

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2237

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2237

reference_url

https://github.com/advisories/GHSA-59fq-727j-hm3f

reference_id

GHSA-59fq-727j-hm3f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-59fq-727j-hm3f

reference_url

https://github.com/keycloak/keycloak-nodejs-connect/security/advisories/GHSA-59fq-727j-hm3f

reference_id

GHSA-59fq-727j-hm3f

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-nodejs-connect/security/advisories/GHSA-59fq-727j-hm3f

fixed_packages

url pkg:npm/keycloak-connect@18.0.2

purl pkg:npm/keycloak-connect@18.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-xq2v-4txb-sueu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@18.0.2

url pkg:npm/keycloak-connect@21.0.1

purl pkg:npm/keycloak-connect@21.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-nhe2-8dtq-gqbf

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@21.0.1

aliases CVE-2022-2237, GHSA-59fq-727j-hm3f, GMS-2023-578

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqgm-ezmw-h7ev

url VCID-mumt-rvzk-w7d4

vulnerability_id VCID-mumt-rvzk-w7d4

summary

Improper Authentication
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1718

reference_id

reference_type

scores

value	0.00367
scoring_system	epss
scoring_elements	0.5867
published_at	2026-04-16T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58653
published_at	2026-04-08T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58659
published_at	2026-04-09T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58677
published_at	2026-04-11T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58658
published_at	2026-04-12T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58638
published_at	2026-04-13T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58526
published_at	2026-04-01T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.5861
published_at	2026-04-02T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58631
published_at	2026-04-04T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58601
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1718

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1796756
reference_id	1796756
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1796756

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1718

reference_id

CVE-2020-1718

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1718

reference_url

https://github.com/advisories/GHSA-j229-2h63-rvh9

reference_id

GHSA-j229-2h63-rvh9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j229-2h63-rvh9

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

fixed_packages

url pkg:npm/keycloak-connect@8.0.0

purl pkg:npm/keycloak-connect@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0

aliases CVE-2020-1718, GHSA-j229-2h63-rvh9

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mumt-rvzk-w7d4

url VCID-nhe2-8dtq-gqbf

vulnerability_id VCID-nhe2-8dtq-gqbf

summary

URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

references

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6291

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39737
published_at	2026-04-16T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39721
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39743
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39661
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39715
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3973
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39739
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39703
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39687
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6291

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2251407

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2251407

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id	cpe:/a:redhat:build_keycloak:22
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id	cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id	cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id	cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id	cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id	cpe:/a:redhat:serverless:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1

reference_url

https://access.redhat.com/security/cve/CVE-2023-6291

reference_id

CVE-2023-6291

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/security/cve/CVE-2023-6291

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

reference_id

CVE-2023-6291

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

reference_url

https://github.com/advisories/GHSA-mpwq-j3xf-7m5w

reference_id

GHSA-mpwq-j3xf-7m5w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mpwq-j3xf-7m5w

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w

reference_id

GHSA-mpwq-j3xf-7m5w

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w

fixed_packages

url pkg:npm/keycloak-connect@23.0.0

purl pkg:npm/keycloak-connect@23.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jzn6-bzzf-nugp

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@23.0.0

aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe2-8dtq-gqbf

url VCID-r8e5-wta1-gqc8

vulnerability_id VCID-r8e5-wta1-gqc8

summary

Improper Authentication
It was found that Keycloak's Node.js adapter did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10157.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10157.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10157

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.04987
published_at	2026-04-16T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04954
published_at	2026-04-01T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05007
published_at	2026-04-02T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05035
published_at	2026-04-04T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05057
published_at	2026-04-07T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.0509
published_at	2026-04-08T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05104
published_at	2026-04-09T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05079
published_at	2026-04-11T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05061
published_at	2026-04-12T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05044
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10157

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157

reference_url

https://github.com/keycloak/keycloak-nodejs-connect/commit/55e54b55d05ba636bc125a8f3d39f0052d13f8f6

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-nodejs-connect/commit/55e54b55d05ba636bc125a8f3d39f0052d13f8f6

reference_url

https://snyk.io/vuln/SNYK-JS-KEYCLOAKNODEJSCONNECT-449920

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-KEYCLOAKNODEJSCONNECT-449920

reference_url

https://www.npmjs.com/advisories/978

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/978

reference_url

http://www.securityfocus.com/bid/108734

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108734

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1702953
reference_id	1702953
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1702953

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10157

reference_id

CVE-2019-10157

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10157

reference_url

https://github.com/advisories/GHSA-68hw-vfh7-xvg8

reference_id

GHSA-68hw-vfh7-xvg8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-68hw-vfh7-xvg8

fixed_packages

url pkg:npm/keycloak-connect@4.8.3

purl pkg:npm/keycloak-connect@4.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-3ued-3fnw-a7h7

vulnerability	VCID-4wpu-jga7-9fer

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-96mj-gt5k-23ck

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-m1cv-61u2-y3ck

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-mumt-rvzk-w7d4

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sghy-8wey-5yg5

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-v4pf-q8hu-8kda

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

vulnerability	VCID-ysrd-zv5b-wfeg

vulnerability	VCID-yzy7-9vf5-tfht

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.8.3

aliases CVE-2019-10157, GHSA-68hw-vfh7-xvg8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8e5-wta1-gqc8

url VCID-s6f1-tnbu-jfaq

vulnerability_id VCID-s6f1-tnbu-jfaq

summary

Keycloak leaks sensitive information in logged exceptions
A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1698

reference_id

reference_type

scores

value	0.00051
scoring_system	epss
scoring_elements	0.15561
published_at	2026-04-16T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15724
published_at	2026-04-01T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15752
published_at	2026-04-02T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15818
published_at	2026-04-04T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15621
published_at	2026-04-07T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15706
published_at	2026-04-08T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15765
published_at	2026-04-09T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15734
published_at	2026-04-11T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.157
published_at	2026-04-12T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15635
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1698

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698

reference_url

https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836

reference_url

https://github.com/keycloak/keycloak/pull/6751

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/6751

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1698

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1698

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1790292
reference_id	1790292
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1790292

reference_url

https://github.com/advisories/GHSA-qgmm-f2qw-r95f

reference_id

GHSA-qgmm-f2qw-r95f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qgmm-f2qw-r95f

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:5625
reference_id	RHSA-2020:5625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5625

fixed_packages

url pkg:npm/keycloak-connect@9.0.0

purl pkg:npm/keycloak-connect@9.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-255g-p3tj-k7fk

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.0

aliases CVE-2020-1698, GHSA-qgmm-f2qw-r95f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s6f1-tnbu-jfaq

url VCID-sghy-8wey-5yg5

vulnerability_id VCID-sghy-8wey-5yg5

summary

Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14820

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.5421
published_at	2026-04-13T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54151
published_at	2026-04-07T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54203
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54199
published_at	2026-04-09T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54248
published_at	2026-04-16T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54231
published_at	2026-04-12T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54129
published_at	2026-04-01T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54146
published_at	2026-04-02T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54176
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14820

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14820

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14820

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1649870
reference_id	1649870
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1649870

reference_url

https://github.com/advisories/GHSA-xfqh-7356-vqjj

reference_id

GHSA-xfqh-7356-vqjj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xfqh-7356-vqjj

reference_url	https://access.redhat.com/errata/RHSA-2019:3048
reference_id	RHSA-2019:3048
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3048

reference_url	https://access.redhat.com/errata/RHSA-2019:3049
reference_id	RHSA-2019:3049
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3049

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

fixed_packages

url pkg:npm/keycloak-connect@8.0.0

purl pkg:npm/keycloak-connect@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0

aliases CVE-2019-14820, GHSA-xfqh-7356-vqjj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sghy-8wey-5yg5

url VCID-sk6p-vfu6-7kem

vulnerability_id VCID-sk6p-vfu6-7kem

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10776

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50616
published_at	2026-04-16T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50565
published_at	2026-04-04T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50518
published_at	2026-04-07T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50573
published_at	2026-04-08T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.5057
published_at	2026-04-09T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50612
published_at	2026-04-11T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50589
published_at	2026-04-12T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50574
published_at	2026-04-13T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50481
published_at	2026-04-01T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50537
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10776

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1847428

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1847428

reference_url

https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10776

reference_id

CVE-2020-10776

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10776

reference_url

https://github.com/advisories/GHSA-484q-784p-8m5h

reference_id

GHSA-484q-784p-8m5h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-484q-784p-8m5h

reference_url	https://access.redhat.com/errata/RHSA-2020:4929
reference_id	RHSA-2020:4929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4929

reference_url	https://access.redhat.com/errata/RHSA-2020:4930
reference_id	RHSA-2020:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4930

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4932
reference_id	RHSA-2020:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4932

fixed_packages

url pkg:npm/keycloak-connect@12.0.0

purl pkg:npm/keycloak-connect@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-d1ua-u2v7-jqf8

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@12.0.0

aliases CVE-2020-10776, GHSA-484q-784p-8m5h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sk6p-vfu6-7kem

url VCID-th5p-51pd-3ffg

vulnerability_id VCID-th5p-51pd-3ffg

summary

Improper privilege management in Keycloak
A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

reference_url

https://access.redhat.com/security/cve/cve-2020-14389

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2020-14389

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14389

reference_id

reference_type

scores

value	0.00148
scoring_system	epss
scoring_elements	0.35337
published_at	2026-04-16T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35358
published_at	2026-04-11T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35321
published_at	2026-04-12T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35299
published_at	2026-04-13T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35177
published_at	2026-04-01T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35378
published_at	2026-04-02T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35403
published_at	2026-04-04T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35285
published_at	2026-04-07T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35331
published_at	2026-04-08T12:55:00Z

value	0.00148
scoring_system	epss
scoring_elements	0.35356
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14389

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14389

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14389

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1875843
reference_id	1875843
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1875843

reference_url

https://github.com/advisories/GHSA-c9x9-xv66-xp3v

reference_id

GHSA-c9x9-xv66-xp3v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c9x9-xv66-xp3v

reference_url	https://access.redhat.com/errata/RHSA-2020:4929
reference_id	RHSA-2020:4929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4929

reference_url	https://access.redhat.com/errata/RHSA-2020:4930
reference_id	RHSA-2020:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4930

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4932
reference_id	RHSA-2020:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4932

fixed_packages

url pkg:npm/keycloak-connect@12.0.0

purl pkg:npm/keycloak-connect@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-d1ua-u2v7-jqf8

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@12.0.0

aliases CVE-2020-14389, GHSA-c9x9-xv66-xp3v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-th5p-51pd-3ffg

url

VCID-u5ba-kpd5-67bm

vulnerability_id

VCID-u5ba-kpd5-67bm

summary

Keycloak discloses information without authentication
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-27838

reference_id

reference_type

scores

value	0.85144
scoring_system	epss
scoring_elements	0.9936
published_at	2026-04-16T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99357
published_at	2026-04-13T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99356
published_at	2026-04-11T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99355
published_at	2026-04-09T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99354
published_at	2026-04-08T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99349
published_at	2026-04-02T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99353
published_at	2026-04-07T12:55:00Z

value	0.85144
scoring_system	epss
scoring_elements	0.99352
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-27838

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

reference_url

https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

reference_url

https://github.com/keycloak/keycloak/pull/7790

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7790

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-27838

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-27838

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-pcv5-m2wh-66j3

reference_url

reference_id

GHSA-pcv5-m2wh-66j3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pcv5-m2wh-66j3

fixed_packages

aliases

CVE-2020-27838, GHSA-pcv5-m2wh-66j3

risk_score

10.0

exploitability

2.0

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-u5ba-kpd5-67bm

url VCID-uafc-khnd-uyga

vulnerability_id VCID-uafc-khnd-uyga

summary

Improper Validation of Certificate Expiration
Keycloak does not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2017-1203.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-1203.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7474.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7474.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7474

reference_id

reference_type

scores

value	0.01726
scoring_system	epss
scoring_elements	0.82463
published_at	2026-04-16T12:55:00Z

value	0.01726
scoring_system	epss
scoring_elements	0.8241
published_at	2026-04-08T12:55:00Z

value	0.01726
scoring_system	epss
scoring_elements	0.82418
published_at	2026-04-09T12:55:00Z

value	0.01726
scoring_system	epss
scoring_elements	0.82436
published_at	2026-04-11T12:55:00Z

value	0.01726
scoring_system	epss
scoring_elements	0.82433
published_at	2026-04-12T12:55:00Z

value	0.01726
scoring_system	epss
scoring_elements	0.82428
published_at	2026-04-13T12:55:00Z

value	0.01726
scoring_system	epss
scoring_elements	0.82354
published_at	2026-04-01T12:55:00Z

value	0.01726
scoring_system	epss
scoring_elements	0.82369
published_at	2026-04-02T12:55:00Z

value	0.01726
scoring_system	epss
scoring_elements	0.82386
published_at	2026-04-04T12:55:00Z

value	0.01726
scoring_system	epss
scoring_elements	0.82382
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7474

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1445271

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1445271

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7474

reference_id

CVE-2017-7474

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7474

reference_url

https://github.com/advisories/GHSA-mw35-24gh-f82w

reference_id

GHSA-mw35-24gh-f82w

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mw35-24gh-f82w

reference_url	https://access.redhat.com/errata/RHSA-2017:1203
reference_id	RHSA-2017:1203
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1203

fixed_packages

url pkg:npm/keycloak-connect@3.1.0

purl pkg:npm/keycloak-connect@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-3ued-3fnw-a7h7

vulnerability	VCID-4wpu-jga7-9fer

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-96mj-gt5k-23ck

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-hgu6-1a6g-13bw

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-m1cv-61u2-y3ck

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-mumt-rvzk-w7d4

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-r8e5-wta1-gqc8

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sghy-8wey-5yg5

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-v4pf-q8hu-8kda

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

vulnerability	VCID-ysrd-zv5b-wfeg

vulnerability	VCID-yzy7-9vf5-tfht

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@3.1.0

aliases CVE-2017-7474, GHSA-mw35-24gh-f82w

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uafc-khnd-uyga

url VCID-v4pf-q8hu-8kda

vulnerability_id VCID-v4pf-q8hu-8kda

summary

Improper Verification of Cryptographic Signature in keycloak
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10201

reference_id

reference_type

scores

value	0.00136
scoring_system	epss
scoring_elements	0.33351
published_at	2026-04-16T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33339
published_at	2026-04-08T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33372
published_at	2026-04-09T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33375
published_at	2026-04-11T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33334
published_at	2026-04-12T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33311
published_at	2026-04-13T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33291
published_at	2026-04-01T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33427
published_at	2026-04-02T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33458
published_at	2026-04-04T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33296
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10201

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10201

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10201

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1728609
reference_id	1728609
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1728609

reference_url

https://github.com/advisories/GHSA-4fgq-gq9g-3rw7

reference_id

GHSA-4fgq-gq9g-3rw7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4fgq-gq9g-3rw7

reference_url	https://access.redhat.com/errata/RHSA-2019:2483
reference_id	RHSA-2019:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2483

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2366
reference_id	RHSA-2020:2366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2366

fixed_packages

url pkg:npm/keycloak-connect@7.0.0

purl pkg:npm/keycloak-connect@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-4wpu-jga7-9fer

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-b9np-xrb9-g3fd

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-m1cv-61u2-y3ck

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-mumt-rvzk-w7d4

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sghy-8wey-5yg5

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-umcf-t6w5-juha

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

vulnerability	VCID-yzy7-9vf5-tfht

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0

aliases CVE-2019-10201, GHSA-4fgq-gq9g-3rw7

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4pf-q8hu-8kda

url

VCID-xq2v-4txb-sueu

vulnerability_id

VCID-xq2v-4txb-sueu

summary

Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Impersonation and lockout are possible due to email trust not being handled correctly in Keycloak. Since the verified state is not reset when the email changes, it is possible for users to shadow others with the same email and lock out or impersonate them.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0105.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0105.json

reference_url

https://access.redhat.com/security/cve/CVE-2023-0105

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-09T13:47:18Z/

url

https://access.redhat.com/security/cve/CVE-2023-0105

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0105

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42391
published_at	2026-04-07T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.4245
published_at	2026-04-09T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42423
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42453
published_at	2026-04-04T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42442
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42454
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42405
published_at	2026-04-13T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42435
published_at	2026-04-12T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42472
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0105

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2158910

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2158910

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/87a50d3ba790b049e436c9925874f9b418af7988

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/87a50d3ba790b049e436c9925874f9b418af7988

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-c7xw-p58w-h6fj

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-c7xw-p58w-h6fj

reference_url

https://github.com/advisories/GHSA-c7xw-p58w-h6fj

reference_id

GHSA-c7xw-p58w-h6fj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c7xw-p58w-h6fj

reference_url	https://access.redhat.com/errata/RHSA-2023:7482
reference_id	RHSA-2023:7482
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7482

reference_url	https://access.redhat.com/errata/RHSA-2023:7483
reference_id	RHSA-2023:7483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7483

reference_url	https://access.redhat.com/errata/RHSA-2023:7484
reference_id	RHSA-2023:7484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7484

reference_url	https://access.redhat.com/errata/RHSA-2023:7486
reference_id	RHSA-2023:7486
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7486

reference_url	https://access.redhat.com/errata/RHSA-2023:7488
reference_id	RHSA-2023:7488
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7488

fixed_packages

aliases

CVE-2023-0105, GHSA-c7xw-p58w-h6fj

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-xq2v-4txb-sueu

url VCID-y1jz-hqab-pycq

vulnerability_id VCID-y1jz-hqab-pycq

summary

XSS in Keycloak
It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1697

reference_id

reference_type

scores

value	0.00283
scoring_system	epss
scoring_elements	0.51729
published_at	2026-04-16T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51681
published_at	2026-04-08T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51678
published_at	2026-04-09T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51726
published_at	2026-04-11T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51704
published_at	2026-04-12T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51688
published_at	2026-04-13T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.5159
published_at	2026-04-01T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51642
published_at	2026-04-02T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51667
published_at	2026-04-04T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51627
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1697

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1697

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1697

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1791538
reference_id	1791538
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1791538

reference_url

https://github.com/advisories/GHSA-8vf3-4w62-m3pq

reference_id

GHSA-8vf3-4w62-m3pq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8vf3-4w62-m3pq

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

fixed_packages

url pkg:npm/keycloak-connect@9.0.0

purl pkg:npm/keycloak-connect@9.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-255g-p3tj-k7fk

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.0

aliases CVE-2020-1697, GHSA-8vf3-4w62-m3pq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1jz-hqab-pycq

url VCID-yk5u-7cuz-7kdt

vulnerability_id VCID-yk5u-7cuz-7kdt

summary

Incorrect Permission Assignment for Critical Resource
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1694

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.51001
published_at	2026-04-13T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50942
published_at	2026-04-07T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50999
published_at	2026-04-08T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50996
published_at	2026-04-09T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51039
published_at	2026-04-16T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51018
published_at	2026-04-12T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50906
published_at	2026-04-01T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.5096
published_at	2026-04-02T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50985
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1694

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1790759

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1790759

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1694

reference_id

CVE-2020-1694

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1694

reference_url

https://github.com/advisories/GHSA-72j4-94rx-cr6w

reference_id

GHSA-72j4-94rx-cr6w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-72j4-94rx-cr6w

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

fixed_packages

url pkg:npm/keycloak-connect@10.0.0

purl pkg:npm/keycloak-connect@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@10.0.0

aliases CVE-2020-1694, GHSA-72j4-94rx-cr6w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yk5u-7cuz-7kdt

url VCID-yp87-przu-bbbg

vulnerability_id VCID-yp87-przu-bbbg

summary

Improper Restriction of Rendered UI Layers or Frames in Keycloak
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1728

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.32985
published_at	2026-04-16T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33097
published_at	2026-04-04T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32927
published_at	2026-04-07T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32973
published_at	2026-04-08T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33003
published_at	2026-04-09T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33006
published_at	2026-04-11T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32968
published_at	2026-04-12T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32943
published_at	2026-04-13T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32935
published_at	2026-04-01T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33064
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1728

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728

reference_url

https://issues.redhat.com/browse/KEYCLOAK-12264

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-12264

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1728

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1728

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1800585
reference_id	1800585
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1800585

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:quarkus:quarkus::::::::
reference_id	cpe:2.3:a:quarkus:quarkus::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:quarkus:quarkus::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak::::::::
reference_id	cpe:2.3:a:redhat:keycloak::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak::::::::

reference_url

https://github.com/advisories/GHSA-3gg7-9q2x-79fc

reference_id

GHSA-3gg7-9q2x-79fc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3gg7-9q2x-79fc

reference_url	https://access.redhat.com/errata/RHSA-2020:3495
reference_id	RHSA-2020:3495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3495

reference_url	https://access.redhat.com/errata/RHSA-2020:3496
reference_id	RHSA-2020:3496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3496

reference_url	https://access.redhat.com/errata/RHSA-2020:3497
reference_id	RHSA-2020:3497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3497

reference_url	https://access.redhat.com/errata/RHSA-2020:4213
reference_id	RHSA-2020:4213
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4213

reference_url	https://access.redhat.com/errata/RHSA-2020:4252
reference_id	RHSA-2020:4252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4252

fixed_packages

url pkg:npm/keycloak-connect@10.0.0

purl pkg:npm/keycloak-connect@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-546n-kc1p-cyhm

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-xq2v-4txb-sueu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@10.0.0

aliases CVE-2020-1728, GHSA-3gg7-9q2x-79fc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp87-przu-bbbg

url VCID-ysrd-zv5b-wfeg

vulnerability_id VCID-ysrd-zv5b-wfeg

summary

Information Exposure
Keycloak allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user's browser session.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:1140

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1140

reference_url

https://access.redhat.com/errata/RHSA-2019:2998

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2998

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3868

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.5095
published_at	2026-04-13T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50908
published_at	2026-04-02T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50934
published_at	2026-04-04T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50891
published_at	2026-04-07T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50948
published_at	2026-04-08T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50946
published_at	2026-04-09T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50988
published_at	2026-04-16T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50967
published_at	2026-04-12T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.5085
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3868

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868

reference_url

http://www.securityfocus.com/bid/108061

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108061

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1679144
reference_id	1679144
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1679144

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3868

reference_id

CVE-2019-3868

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3868

reference_url

https://github.com/advisories/GHSA-gc52-xj6p-9pxp

reference_id

GHSA-gc52-xj6p-9pxp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gc52-xj6p-9pxp

reference_url	https://access.redhat.com/errata/RHSA-2019:0856
reference_id	RHSA-2019:0856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0856

reference_url	https://access.redhat.com/errata/RHSA-2019:0857
reference_id	RHSA-2019:0857
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0857

reference_url	https://access.redhat.com/errata/RHSA-2019:0868
reference_id	RHSA-2019:0868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0868

reference_url	https://access.redhat.com/errata/RHSA-2020:2366
reference_id	RHSA-2020:2366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2366

fixed_packages

url pkg:npm/keycloak-connect@6.0.1

purl pkg:npm/keycloak-connect@6.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14c3-xa9j-mbab

vulnerability	VCID-3ued-3fnw-a7h7

vulnerability	VCID-4wpu-jga7-9fer

vulnerability	VCID-7j7q-m1zp-zfac

vulnerability	VCID-96mj-gt5k-23ck

vulnerability	VCID-dxj3-8sk5-mfdy

vulnerability	VCID-e9qa-sy57-fqby

vulnerability	VCID-ebn8-cjqs-k3ad

vulnerability	VCID-engr-q4ge-53dc

vulnerability	VCID-fknh-1j7d-jyeq

vulnerability	VCID-gjy5-c6by-2ufg

vulnerability	VCID-gp47-t3vm-57an

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-kzc8-pgz7-6bep

vulnerability	VCID-m1cv-61u2-y3ck

vulnerability	VCID-mqgm-ezmw-h7ev

vulnerability	VCID-mumt-rvzk-w7d4

vulnerability	VCID-nhe2-8dtq-gqbf

vulnerability	VCID-s6f1-tnbu-jfaq

vulnerability	VCID-sghy-8wey-5yg5

vulnerability	VCID-sk6p-vfu6-7kem

vulnerability	VCID-th5p-51pd-3ffg

vulnerability	VCID-u5ba-kpd5-67bm

vulnerability	VCID-v4pf-q8hu-8kda

vulnerability	VCID-xq2v-4txb-sueu

vulnerability	VCID-y1jz-hqab-pycq

vulnerability	VCID-yk5u-7cuz-7kdt

vulnerability	VCID-yp87-przu-bbbg

vulnerability	VCID-yzy7-9vf5-tfht

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@6.0.1

aliases CVE-2019-3868, GHSA-gc52-xj6p-9pxp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ysrd-zv5b-wfeg

url VCID-yzy7-9vf5-tfht

vulnerability_id VCID-yzy7-9vf5-tfht

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10170

reference_id

reference_type

scores

value	0.00742
scoring_system	epss
scoring_elements	0.73012
published_at	2026-04-16T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72945
published_at	2026-04-04T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.7292
published_at	2026-04-07T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72958
published_at	2026-04-08T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72972
published_at	2026-04-09T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72997
published_at	2026-04-11T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72977
published_at	2026-04-12T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.7297
published_at	2026-04-13T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72913
published_at	2026-04-01T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72925
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10170

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url