Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/282385?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/282385?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@12.0.4", "type": "maven", "namespace": "org.keycloak", "name": "keycloak-services", "version": "12.0.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "26.6.3", "latest_non_vulnerable_version": "26.6.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63842?format=api", "vulnerability_id": "VCID-12yb-w8kt-jyg3", "summary": "keycloak: Keycloak: Denial of Service via excessive processing of OpenID Connect scope parameters", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4634", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4634" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07056", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4634" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47716", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47716" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4634", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4634" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450250", "reference_id": "2450250", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450250" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-h4wv-g838-66g3", "reference_id": "GHSA-h4wv-g838-66g3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h4wv-g838-66g3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6475", "reference_id": "RHSA-2026:6475", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6476", "reference_id": "RHSA-2026:6476", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6476" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110369?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-xqks-vfap-aqb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-4634", "GHSA-h4wv-g838-66g3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12yb-w8kt-jyg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42177?format=api", "vulnerability_id": "VCID-1a4q-f36b-43aq", "summary": "Incorrect Authorization\nA flaw was found in Keycloak which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4133.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4133.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62834", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62791", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4133" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033602", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033602" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/9247", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/9247" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4133", "reference_id": "CVE-2021-4133", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4133" }, { "reference_url": "https://github.com/advisories/GHSA-83x4-9cwr-5487", "reference_id": "GHSA-83x4-9cwr-5487", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-83x4-9cwr-5487" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487", "reference_id": "GHSA-83x4-9cwr-5487", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-83x4-9cwr-5487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5217", "reference_id": "RHSA-2021:5217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5218", "reference_id": "RHSA-2021:5218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5219", "reference_id": "RHSA-2021:5219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0015", "reference_id": "RHSA-2022:0015", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0034", "reference_id": "RHSA-2022:0034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0151", "reference_id": "RHSA-2022:0151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0152", "reference_id": "RHSA-2022:0152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0155", "reference_id": "RHSA-2022:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0164", "reference_id": "RHSA-2022:0164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60272?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@15.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-9jrc-ayvh-e7dk" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dvk9-qsq9-4uc3" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-g36a-kpzd-3bdf" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jfsk-9epz-t7a8" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.1" } ], "aliases": [ "CVE-2021-4133", "GHSA-83x4-9cwr-5487" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1a4q-f36b-43aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50443?format=api", "vulnerability_id": "VCID-1fwh-a287-5qgt", "summary": "Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass\nA flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21370", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21371", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22088", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22089", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22089" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02665", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12150" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/35110", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/35110" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/43723", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/43723" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-12150", "reference_id": "CVE-2025-12150", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-12150" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12150", "reference_id": "CVE-2025-12150", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12150" }, { "reference_url": "https://github.com/advisories/GHSA-7g5x-9c4v-4w5r", "reference_id": "GHSA-7g5x-9c4v-4w5r", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g5x-9c4v-4w5r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74340?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4" } ], "aliases": [ "CVE-2025-12150", "GHSA-7g5x-9c4v-4w5r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fwh-a287-5qgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57630?format=api", "vulnerability_id": "VCID-1u7p-4qg4-yqbv", "summary": "Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11986", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11986" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11987", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12015", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12016", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/40446", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/40446" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/40520", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/40520" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7365", "reference_id": "CVE-2025-7365", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7365" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365", "reference_id": "CVE-2025-7365", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365" }, { "reference_url": "https://github.com/advisories/GHSA-gj52-35xm-gxjh", "reference_id": "GHSA-gj52-35xm-gxjh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gj52-35xm-gxjh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70545?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bw6h-4h9x-rbab" }, { "vulnerability": "VCID-c58s-s3rb-27fw" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pgjk-vhx6-yqbt" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "GHSA-gj52-35xm-gxjh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1u7p-4qg4-yqbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47508?format=api", "vulnerability_id": "VCID-2kyy-pzzx-n7gr", "summary": "Keycloak vulnerable to impersonation via logout token exchange\nKeycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0657.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1727", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17192", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0657" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-0657", "reference_id": "CVE-2023-0657", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-0657" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0657", "reference_id": "CVE-2023-0657", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0657" }, { "reference_url": "https://github.com/advisories/GHSA-7fpj-9hr8-28vh", "reference_id": "GHSA-7fpj-9hr8-28vh", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fpj-9hr8-28vh" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh", "reference_id": "GHSA-7fpj-9hr8-28vh", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2023-0657", "GHSA-7fpj-9hr8-28vh" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2kyy-pzzx-n7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48151?format=api", "vulnerability_id": "VCID-2xg4-ad4r-4kce", "summary": "Keycloak vulnerable to session takeovers due to reuse of session identifiers\nA flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21370", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21371", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22088", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22089", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22089" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04487", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12390" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406793", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406793" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80" }, { "reference_url": "https://github.com/keycloak/keycloak/discussions/31265", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/discussions/31265" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/32197", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/32197" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/43853", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/43853" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-12390", "reference_id": "CVE-2025-12390", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-12390" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12390", "reference_id": "CVE-2025-12390", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12390" }, { "reference_url": "https://github.com/advisories/GHSA-rg35-5v25-mqvp", "reference_id": "GHSA-rg35-5v25-mqvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg35-5v25-mqvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71152?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0" } ], "aliases": [ "CVE-2025-12390", "GHSA-rg35-5v25-mqvp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xg4-ad4r-4kce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47518?format=api", "vulnerability_id": "VCID-2xvq-t8jp-zfbj", "summary": "Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow\nKeycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:).\n\nAllowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1353", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2945", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4057", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4057" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6717.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6717.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6717", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6717" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6717", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27727", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6717" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12", "reference_id": "cpe:/a:redhat:amq_broker:7.12", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_gitops:1", "reference_id": "cpe:/a:redhat:openshift_gitops:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_gitops:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8", "reference_id": "cpe:/a:redhat:openshift_serverless:1.33::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3", "reference_id": "cpe:/a:redhat:quarkus:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1", "reference_id": "cpe:/a:redhat:rhdh:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717", "reference_id": "CVE-2023-6717", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717" }, { "reference_url": "https://github.com/advisories/GHSA-8rmm-gm28-pj8q", "reference_id": "GHSA-8rmm-gm28-pj8q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8rmm-gm28-pj8q" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q", "reference_id": "GHSA-8rmm-gm28-pj8q", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2023-6717", "GHSA-8rmm-gm28-pj8q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xvq-t8jp-zfbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55873?format=api", "vulnerability_id": "VCID-36v6-qmgy-j3cv", "summary": "Duplicate Advisory: Keycloak Open Redirect vulnerability\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-w8gr-xwp4-r9f7. This link is maintained to preserve external references.\n\n# Original Description\nA misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10385", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10386", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6878", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6879", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6880", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6882", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6886", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6887", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6888", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6889", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6890", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8823", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8824", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8826", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8826" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8883", "reference_id": "CVE-2024-8883", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8883" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883", "reference_id": "CVE-2024-8883", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883" }, { "reference_url": "https://github.com/advisories/GHSA-vvf8-2h68-9475", "reference_id": "GHSA-vvf8-2h68-9475", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vvf8-2h68-9475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82731?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6" } ], "aliases": [ "GHSA-vvf8-2h68-9475" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36v6-qmgy-j3cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48116?format=api", "vulnerability_id": "VCID-3adr-h63v-c3eg", "summary": "Keycloak does not invalidate offline sessions when the offline_access scope is removed\nA flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21370", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21371", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22088", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22089", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22089" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19292", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12110" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406033", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406033" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/43790", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://github.com/keycloak/keycloak/pull/43790" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-12110", "reference_id": "CVE-2025-12110", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-12110" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12110", "reference_id": "CVE-2025-12110", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12110" }, { "reference_url": "https://github.com/advisories/GHSA-895x-rfqp-jh5c", "reference_id": "GHSA-895x-rfqp-jh5c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-895x-rfqp-jh5c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71065?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mzdb-4zsz-qqhn" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3" } ], "aliases": [ "CVE-2025-12110", "GHSA-895x-rfqp-jh5c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3adr-h63v-c3eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55171?format=api", "vulnerability_id": "VCID-4hs9-48uu-8qbf", "summary": "Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-69fp-7c8p-crjr. This link is maintained to preserve external references.\n\n## Original Description\nA flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3566", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3567", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3568", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3570", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3572", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3572" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3573", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3574", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3575", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3576", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3576" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4540", "reference_id": "CVE-2024-4540", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4540" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4540", "reference_id": "CVE-2024-4540", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4540" }, { "reference_url": "https://github.com/advisories/GHSA-4vrx-8phj-x3mg", "reference_id": "GHSA-4vrx-8phj-x3mg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vrx-8phj-x3mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81712?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5" } ], "aliases": [ "GHSA-4vrx-8phj-x3mg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hs9-48uu-8qbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55847?format=api", "vulnerability_id": "VCID-66zv-ra8w-s3b4", "summary": "Keycloak Services has a potential bypass of brute force protection\nIf an attacker launches many login attempts in parallel then the attacker can have more guesses at a password than the brute force protection configuration permits. This is due to the brute force check occurring before the brute force protector has locked the user.\n\n**Acknowledgements:**\nSpecial thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6493", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6494", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6495", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6497", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6499", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6500", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6501", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6501" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63746", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4629" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4629", "reference_id": "CVE-2024-4629", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4629" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629", "reference_id": "CVE-2024-4629", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629" }, { "reference_url": "https://github.com/advisories/GHSA-gc7q-jgjv-vjr2", "reference_id": "GHSA-gc7q-jgjv-vjr2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc7q-jgjv-vjr2" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2", "reference_id": "GHSA-gc7q-jgjv-vjr2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82578?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w6nc-88yg-dkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/82579?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w6nc-88yg-dkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/82681?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.4" } ], "aliases": [ "CVE-2024-4629", "GHSA-gc7q-jgjv-vjr2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66zv-ra8w-s3b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57234?format=api", "vulnerability_id": "VCID-6dya-2u73-vbee", "summary": "Keycloak vulnerable to two factor authentication bypass\nA flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22345", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3910" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/39349", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/39349" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3910", "reference_id": "CVE-2025-3910", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3910" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910", "reference_id": "CVE-2025-3910", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910" }, { "reference_url": "https://github.com/advisories/GHSA-5jfq-x6xp-7rw2", "reference_id": "GHSA-5jfq-x6xp-7rw2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5jfq-x6xp-7rw2" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2", "reference_id": "GHSA-5jfq-x6xp-7rw2", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84985?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mzdb-4zsz-qqhn" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "CVE-2025-3910", "GHSA-5jfq-x6xp-7rw2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6dya-2u73-vbee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5538?format=api", "vulnerability_id": "VCID-6gee-p7fr-1yhy", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20222.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20222.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63543", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.635", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20222" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924606", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924606" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-20222", "reference_id": "CVE-2021-20222", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-20222" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20222", "reference_id": "CVE-2021-20222", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20222" }, { "reference_url": "https://github.com/advisories/GHSA-2mq8-99q7-55wx", "reference_id": "GHSA-2mq8-99q7-55wx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2mq8-99q7-55wx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79360?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-9jrc-ayvh-e7dk" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dvk9-qsq9-4uc3" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-g36a-kpzd-3bdf" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jfsk-9epz-t7a8" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vs8q-ywf1-3qa2" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2021-20222", "GHSA-2mq8-99q7-55wx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6gee-p7fr-1yhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55355?format=api", "vulnerability_id": "VCID-6kbf-zmzu-xbgt", "summary": "Keycloak's improper input validation allows using email as username\nKeycloak allows the use of email as a username and doesn't check that an account with this email already exists. That could lead to the unability to reset/login with email for the user. This is caused by usernames being evaluated before emails.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3754.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3754.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3754", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3754" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12319", "scoring_system": "epss", "scoring_elements": "0.94012", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.12319", "scoring_system": "epss", "scoring_elements": "0.94003", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3754" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999196", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999196" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3754", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3754" }, { "reference_url": "https://github.com/advisories/GHSA-4vc8-pg5c-vg4x", "reference_id": "GHSA-4vc8-pg5c-vg4x", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vc8-pg5c-vg4x" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4vc8-pg5c-vg4x", "reference_id": "GHSA-4vc8-pg5c-vg4x", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4vc8-pg5c-vg4x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81847?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.1" } ], "aliases": [ "CVE-2021-3754", "GHSA-4vc8-pg5c-vg4x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kbf-zmzu-xbgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5537?format=api", "vulnerability_id": "VCID-7662-z35s-9qeq", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3513", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3513" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42063", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42137", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3513" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7976", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7976" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3513", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439", "reference_id": "1953439", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://github.com/advisories/GHSA-xv7h-95r7-595j", "reference_id": "GHSA-xv7h-95r7-595j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv7h-95r7-595j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79360?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-9jrc-ayvh-e7dk" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dvk9-qsq9-4uc3" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-g36a-kpzd-3bdf" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jfsk-9epz-t7a8" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vs8q-ywf1-3qa2" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2021-3513", "GHSA-xv7h-95r7-595j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7662-z35s-9qeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63838?format=api", "vulnerability_id": "VCID-7uk5-w4qh-8uhq", "summary": "keycloak: Keycloak: Information disclosure due to redirect_uri validation bypass", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3872", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3872" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01743", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3872" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47718", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47718" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3872", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3872" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445988", "reference_id": "2445988", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445988" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-cjm2-j6cm-6p6m", "reference_id": "GHSA-cjm2-j6cm-6p6m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cjm2-j6cm-6p6m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6475", "reference_id": "RHSA-2026:6475", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6476", "reference_id": "RHSA-2026:6476", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6476" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110369?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-xqks-vfap-aqb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-3872", "GHSA-cjm2-j6cm-6p6m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7uk5-w4qh-8uhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56257?format=api", "vulnerability_id": "VCID-8ekh-fbbj-5yfb", "summary": "Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10175", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10176", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10177", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10178", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321214", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321214" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-10270", "reference_id": "CVE-2024-10270", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-10270" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270", "reference_id": "CVE-2024-10270", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270" }, { "reference_url": "https://github.com/advisories/GHSA-j3x3-r585-4qhg", "reference_id": "GHSA-j3x3-r585-4qhg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j3x3-r585-4qhg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83338?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83339?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6" } ], "aliases": [ "GHSA-j3x3-r585-4qhg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ekh-fbbj-5yfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43029?format=api", "vulnerability_id": "VCID-9jrc-ayvh-e7dk", "summary": "Keycloak is vulnerable to IDN homograph attack\nA flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. The highest threat from this vulnerability is to integrity.", "references": [ { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/ac79fd0c23c6947a04073afc61e30d341498438e", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/ac79fd0c23c6947a04073afc61e30d341498438e" }, { "reference_url": "https://github.com/advisories/GHSA-mwm4-5qwr-g9pf", "reference_id": "GHSA-mwm4-5qwr-g9pf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mwm4-5qwr-g9pf" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf", "reference_id": "GHSA-mwm4-5qwr-g9pf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61579?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0" } ], "aliases": [ "GHSA-mwm4-5qwr-g9pf", "GMS-2022-1099" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9jrc-ayvh-e7dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45591?format=api", "vulnerability_id": "VCID-asmd-x6cy-dqdt", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nKeycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4361.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4361.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.80141", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.80115", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4361" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151618", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:43:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151618" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:43:33Z/" } ], "url": "https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-3p62-6fjh-3p5h", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-3p62-6fjh-3p5h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4361", "reference_id": "CVE-2022-4361", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4361" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65823?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@21.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2" } ], "aliases": [ "CVE-2022-4361", "GHSA-3p62-6fjh-3p5h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-asmd-x6cy-dqdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46052?format=api", "vulnerability_id": "VCID-azxv-y5rj-vkg9", "summary": "Insufficient Session Expiration\nA flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8961", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8962", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8963", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8964", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8965", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45539", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4547", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3916" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-3916", "reference_id": "CVE-2022-3916", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "reference_id": "CVE-2022-3916", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" }, { "reference_url": "https://github.com/advisories/GHSA-97g8-xfvw-q4hg", "reference_id": "GHSA-97g8-xfvw-q4hg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-97g8-xfvw-q4hg" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg", "reference_id": "GHSA-97g8-xfvw-q4hg", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67069?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@20.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@20.0.2" } ], "aliases": [ "CVE-2022-3916", "GHSA-97g8-xfvw-q4hg", "GMS-2022-8406" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azxv-y5rj-vkg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50263?format=api", "vulnerability_id": "VCID-bebk-k27t-4qgf", "summary": "Keycloak: Missing Check on Disabled Client for Docker Registry Protocol\nA flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10007", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2733" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440895", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440895" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46462", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46462" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2733", "reference_id": "CVE-2026-2733", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2733" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733", "reference_id": "CVE-2026-2733", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733" }, { "reference_url": "https://github.com/advisories/GHSA-fjf4-6f34-w64q", "reference_id": "GHSA-fjf4-6f34-w64q", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fjf4-6f34-w64q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/112932?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4" } ], "aliases": [ "CVE-2026-2733", "GHSA-fjf4-6f34-w64q" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bebk-k27t-4qgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55338?format=api", "vulnerability_id": "VCID-bub5-f9wf-57d4", "summary": "Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)\nA flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an information disclosure vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3566", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3567", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3568", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3570", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3572", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3572" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3573", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3574", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3575", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3576", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3576" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4540.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4540.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4540", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54351", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4540" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4540", "reference_id": "CVE-2024-4540", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4540" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4540", "reference_id": "CVE-2024-4540", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4540" }, { "reference_url": "https://github.com/advisories/GHSA-69fp-7c8p-crjr", "reference_id": "GHSA-69fp-7c8p-crjr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-69fp-7c8p-crjr" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr", "reference_id": "GHSA-69fp-7c8p-crjr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81712?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5" } ], "aliases": [ "CVE-2024-4540", "GHSA-69fp-7c8p-crjr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bub5-f9wf-57d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44782?format=api", "vulnerability_id": "VCID-ch1b-adh9-skah", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00993", "scoring_system": "epss", "scoring_elements": "0.77283", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00993", "scoring_system": "epss", "scoring_elements": "0.77252", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1274" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/16764", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/16764" }, { "reference_url": "https://herolab.usd.de/security-advisories/usd-2021-0033", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://herolab.usd.de/security-advisories/usd-2021-0033" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "reference_id": "CVE-2022-1274", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "reference_url": "https://github.com/advisories/GHSA-m4fv-gm5m-4725", "reference_id": "GHSA-m4fv-gm5m-4725", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4fv-gm5m-4725" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "reference_id": "GHSA-m4fv-gm5m-4725", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64454?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@20.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@20.0.5" } ], "aliases": [ "CVE-2022-1274", "GHSA-m4fv-gm5m-4725", "GMS-2023-528" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ch1b-adh9-skah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56014?format=api", "vulnerability_id": "VCID-cs4b-u9hn-9ugy", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6493", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6494", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6495", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6497", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6499", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6500", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6501", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6502", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6503", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6503" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02246", "scoring_system": "epss", "scoring_elements": "0.849", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7341" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7341", "reference_id": "CVE-2024-7341", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7341" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7341", "reference_id": "CVE-2024-7341", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7341" }, { "reference_url": "https://github.com/advisories/GHSA-5rxp-2rhr-qwqv", "reference_id": "GHSA-5rxp-2rhr-qwqv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5rxp-2rhr-qwqv" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv", "reference_id": "GHSA-5rxp-2rhr-qwqv", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv" }, { "reference_url": "https://github.com/advisories/GHSA-j76j-rqwj-jmvv", "reference_id": "GHSA-j76j-rqwj-jmvv", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://github.com/advisories/GHSA-j76j-rqwj-jmvv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82578?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w6nc-88yg-dkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/82579?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w6nc-88yg-dkem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/82577?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.5" } ], "aliases": [ "CVE-2024-7341", "GHSA-5rxp-2rhr-qwqv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cs4b-u9hn-9ugy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49799?format=api", "vulnerability_id": "VCID-dckx-y9zp-d7fy", "summary": "Keycloak Admin REST API exposes backend schema and rules\nA flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14083", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01033", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14083" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419086", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419086" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/45493", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/45493" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-14083", "reference_id": "CVE-2025-14083", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-14083" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14083", "reference_id": "CVE-2025-14083", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14083" }, { "reference_url": "https://github.com/advisories/GHSA-594w-2fwp-jwrc", "reference_id": "GHSA-594w-2fwp-jwrc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-594w-2fwp-jwrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70545?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bw6h-4h9x-rbab" }, { "vulnerability": "VCID-c58s-s3rb-27fw" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pgjk-vhx6-yqbt" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "CVE-2025-14083", "GHSA-594w-2fwp-jwrc" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dckx-y9zp-d7fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57678?format=api", "vulnerability_id": "VCID-dgdk-ahqm-9ken", "summary": "Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12015", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12016", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381861", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381861" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/41137", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/41137" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/41168", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/41168" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7784", "reference_id": "CVE-2025-7784", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7784" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7784", "reference_id": "CVE-2025-7784", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7784" }, { "reference_url": "https://github.com/advisories/GHSA-83j7-mhw9-388w", "reference_id": "GHSA-83j7-mhw9-388w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-83j7-mhw9-388w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85981?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2" } ], "aliases": [ "GHSA-83j7-mhw9-388w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgdk-ahqm-9ken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47514?format=api", "vulnerability_id": "VCID-dt1x-6344-fkda", "summary": "Keycloak Authorization Bypass vulnerability\nDue to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client, a malicious user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration previously unauthorized.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1860", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1861", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1862", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1864", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6544.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6544.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6544", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6544" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01309", "scoring_system": "epss", "scoring_elements": "0.80164", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6544" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544", "reference_id": "CVE-2023-6544", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544" }, { "reference_url": "https://github.com/advisories/GHSA-46c8-635v-68r2", "reference_id": "GHSA-46c8-635v-68r2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46c8-635v-68r2" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2", "reference_id": "GHSA-46c8-635v-68r2", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2023-6544", "GHSA-46c8-635v-68r2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dt1x-6344-fkda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42782?format=api", "vulnerability_id": "VCID-dvk9-qsq9-4uc3", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20323", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70265", "scoring_system": "epss", "scoring_elements": "0.987", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.70265", "scoring_system": "epss", "scoring_elements": "0.98701", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20323" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013577", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013577" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20323", "reference_id": "CVE-2021-20323", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20323" }, { "reference_url": "https://github.com/advisories/GHSA-xpgc-j48j-jwv9", "reference_id": "GHSA-xpgc-j48j-jwv9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xpgc-j48j-jwv9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0407", "reference_id": "RHSA-2022:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/564739?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@17.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-9jrc-ayvh-e7dk" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-g36a-kpzd-3bdf" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jfsk-9epz-t7a8" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@17.0.0" } ], "aliases": [ "CVE-2021-20323", "GHSA-xpgc-j48j-jwv9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dvk9-qsq9-4uc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57227?format=api", "vulnerability_id": "VCID-dwgd-79t9-d7a1", "summary": "Duplicate Advisory: Keycloak hostname verification\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8672", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8690", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3501", "reference_id": "CVE-2025-3501", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501", "reference_id": "CVE-2025-3501", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501" }, { "reference_url": "https://github.com/advisories/GHSA-r934-w73g-v4p8", "reference_id": "GHSA-r934-w73g-v4p8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r934-w73g-v4p8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84985?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mzdb-4zsz-qqhn" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "GHSA-r934-w73g-v4p8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwgd-79t9-d7a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64298?format=api", "vulnerability_id": "VCID-exeg-acrj-zkah", "summary": "org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4874", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4874" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01265", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4874" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4874", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4874" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451611", "reference_id": "2451611", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451611" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-22rm-wp4x-v5cx", "reference_id": "GHSA-22rm-wp4x-v5cx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-22rm-wp4x-v5cx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/992314?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-sxtm-krnm-kff7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1" } ], "aliases": [ "CVE-2026-4874", "GHSA-22rm-wp4x-v5cx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-exeg-acrj-zkah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49797?format=api", "vulnerability_id": "VCID-fkdm-gq5h-rbg7", "summary": "Keycloak does not validate and update refresh token usage atomically\nA flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01688", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430314", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430314" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/45647", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/45647" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-1035", "reference_id": "CVE-2026-1035", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-1035" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1035", "reference_id": "CVE-2026-1035", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1035" }, { "reference_url": "https://github.com/advisories/GHSA-m2w5-7xhv-w6fh", "reference_id": "GHSA-m2w5-7xhv-w6fh", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m2w5-7xhv-w6fh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70545?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bw6h-4h9x-rbab" }, { "vulnerability": "VCID-c58s-s3rb-27fw" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pgjk-vhx6-yqbt" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "CVE-2026-1035", "GHSA-m2w5-7xhv-w6fh" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fkdm-gq5h-rbg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4953?format=api", "vulnerability_id": "VCID-g36a-kpzd-3bdf", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37121", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3703", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3424" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933320", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933320" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3424", "reference_id": "CVE-2021-3424", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3424" }, { "reference_url": "https://github.com/advisories/GHSA-pf38-cw3p-22q9", "reference_id": "GHSA-pf38-cw3p-22q9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf38-cw3p-22q9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2063", "reference_id": "RHSA-2021:2063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2064", "reference_id": "RHSA-2021:2064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2065", "reference_id": "RHSA-2021:2065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2070", "reference_id": "RHSA-2021:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2070" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61579?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0" } ], "aliases": [ "CVE-2021-3424", "GHSA-pf38-cw3p-22q9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g36a-kpzd-3bdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47516?format=api", "vulnerability_id": "VCID-ghak-3963-juhk", "summary": "Keycloak path traversal vulnerability in the redirect validation\nAn issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.214", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269371", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269371" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-2419", "reference_id": "CVE-2024-2419", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-2419" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2419", "reference_id": "CVE-2024-2419", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2419" }, { "reference_url": "https://github.com/advisories/GHSA-mrv8-pqfj-7gp5", "reference_id": "GHSA-mrv8-pqfj-7gp5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mrv8-pqfj-7gp5" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5", "reference_id": "GHSA-mrv8-pqfj-7gp5", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2024-2419", "GHSA-mrv8-pqfj-7gp5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghak-3963-juhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4955?format=api", "vulnerability_id": "VCID-gr2e-ntp4-9fdg", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29814", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29746", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1725" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-16550", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-16550" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1725", "reference_id": "CVE-2020-1725", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1725" }, { "reference_url": "https://github.com/advisories/GHSA-p225-pc2x-4jpm", "reference_id": "GHSA-p225-pc2x-4jpm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p225-pc2x-4jpm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79360?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-9jrc-ayvh-e7dk" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dvk9-qsq9-4uc3" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-g36a-kpzd-3bdf" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jfsk-9epz-t7a8" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vs8q-ywf1-3qa2" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2020-1725", "GHSA-p225-pc2x-4jpm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2e-ntp4-9fdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50877?format=api", "vulnerability_id": "VCID-gv5e-6w51-uydc", "summary": "Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API\nA flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04232", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3429" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443771", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443771" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47069", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47069" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3429", "reference_id": "CVE-2026-3429", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3429" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3429", "reference_id": "CVE-2026-3429", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3429" }, { "reference_url": "https://github.com/advisories/GHSA-8g9r-9wjw-37j4", "reference_id": "GHSA-8g9r-9wjw-37j4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8g9r-9wjw-37j4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110369?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-xqks-vfap-aqb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-3429", "GHSA-8g9r-9wjw-37j4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gv5e-6w51-uydc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63606?format=api", "vulnerability_id": "VCID-gyv4-k3na-eyhu", "summary": "keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp claim", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-37977", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-37977" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-37977", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00893", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-37977" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37977", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37977" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455324", "reference_id": "2455324", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455324" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://github.com/advisories/GHSA-5v8v-xvjv-57x7", "reference_id": "GHSA-5v8v-xvjv-57x7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5v8v-xvjv-57x7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/112858?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-xqks-vfap-aqb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0" } ], "aliases": [ "CVE-2026-37977", "GHSA-5v8v-xvjv-57x7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyv4-k3na-eyhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5541?format=api", "vulnerability_id": "VCID-hjue-s41w-bye9", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35824", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.3592", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14302" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849584", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849584" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14302", "reference_id": "CVE-2020-14302", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0967", "reference_id": "RHSA-2021:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0968", "reference_id": "RHSA-2021:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0969", "reference_id": "RHSA-2021:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0969" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0974", "reference_id": "RHSA-2021:0974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0974" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79360?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-9jrc-ayvh-e7dk" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dvk9-qsq9-4uc3" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-g36a-kpzd-3bdf" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jfsk-9epz-t7a8" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vs8q-ywf1-3qa2" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2020-14302" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjue-s41w-bye9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47162?format=api", "vulnerability_id": "VCID-hxup-rgnc-mqbp", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1722.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1722.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1722", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41974", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1722" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265389", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:52:47Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265389" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/29603", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/29603" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/29603#issuecomment-2127499627", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/29603#issuecomment-2127499627" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1722", "reference_id": "CVE-2024-1722", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:52:47Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1722" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1722", "reference_id": "CVE-2024-1722", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1722" }, { "reference_url": "https://github.com/advisories/GHSA-3hrr-xwvg-hxvr", "reference_id": "GHSA-3hrr-xwvg-hxvr", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3hrr-xwvg-hxvr" }, { "reference_url": "https://github.com/advisories/GHSA-cq42-vhv7-xr7p", "reference_id": "GHSA-cq42-vhv7-xr7p", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cq42-vhv7-xr7p" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cq42-vhv7-xr7p", "reference_id": "GHSA-cq42-vhv7-xr7p", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cq42-vhv7-xr7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81836?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.0" } ], "aliases": [ "CVE-2024-1722", "GHSA-3hrr-xwvg-hxvr", "GHSA-cq42-vhv7-xr7p" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxup-rgnc-mqbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55344?format=api", "vulnerability_id": "VCID-hzvd-ugxf-9fcd", "summary": "Keycloak's admin API allows low privilege users to use administrative functions\nUsers with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.\n\n**Acknowledgements:**\nSpecial thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3572", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3572" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3575", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3575" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3656.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3656.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3656", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89656", "scoring_system": "epss", "scoring_elements": "0.99582", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3656" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403" }, { "reference_url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1" }, { "reference_url": "https://news.ycombinator.com/item?id=42136000", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://news.ycombinator.com/item?id=42136000" }, { "reference_url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-3656", "reference_id": "CVE-2024-3656", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-3656" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3656", "reference_id": "CVE-2024-3656", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3656" }, { "reference_url": "https://github.com/advisories/GHSA-2cww-fgmg-4jqc", "reference_id": "GHSA-2cww-fgmg-4jqc", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/" } ], "url": "https://github.com/advisories/GHSA-2cww-fgmg-4jqc" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc", "reference_id": "GHSA-2cww-fgmg-4jqc", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81712?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5" } ], "aliases": [ "CVE-2024-3656", "GHSA-2cww-fgmg-4jqc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzvd-ugxf-9fcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63840?format=api", "vulnerability_id": "VCID-j8hz-kys5-z3dr", "summary": "keycloak: Keycloak: Replay of action tokens via improper handling of single-use entries", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4325", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4325" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12423", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4325" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47715", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47715" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4325", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4325" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448351", "reference_id": "2448351", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448351" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-rx66-hj7g-28h7", "reference_id": "GHSA-rx66-hj7g-28h7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rx66-hj7g-28h7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6475", "reference_id": "RHSA-2026:6475", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6476", "reference_id": "RHSA-2026:6476", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6476" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110369?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-xqks-vfap-aqb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-4325", "GHSA-rx66-hj7g-28h7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8hz-kys5-z3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43016?format=api", "vulnerability_id": "VCID-jfsk-9epz-t7a8", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62573", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62528", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1245" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1245", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1245" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071036", "reference_id": "2071036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071036" }, { "reference_url": "https://github.com/advisories/GHSA-75p6-52g3-rqc8", "reference_id": "GHSA-75p6-52g3-rqc8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75p6-52g3-rqc8" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8", "reference_id": "GHSA-75p6-52g3-rqc8", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1709", "reference_id": "RHSA-2022:1709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1711", "reference_id": "RHSA-2022:1711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1712", "reference_id": "RHSA-2022:1712", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1712" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1713", "reference_id": "RHSA-2022:1713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61579?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0" } ], "aliases": [ "CVE-2022-1245", "GHSA-75p6-52g3-rqc8", "GMS-2022-1039" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jfsk-9epz-t7a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56674?format=api", "vulnerability_id": "VCID-jhzk-d1en-gkhj", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2545", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2545" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1391.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1391.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1391", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25518", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1391" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346082", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346082" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5aa2b4c75bb474303ab807017582bc01a9f7e378", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5aa2b4c75bb474303ab807017582bc01a9f7e378" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-gvgg-2r3r-53x7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-gvgg-2r3r-53x7" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/37169", "reference_id": "37169", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/37169" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/37235", "reference_id": "37235", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/" } ], "url": "https://github.com/keycloak/keycloak/pull/37235" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-1391", "reference_id": "CVE-2025-1391", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-1391" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1391", "reference_id": "CVE-2025-1391", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1391" }, { "reference_url": "https://github.com/advisories/GHSA-rq4w-cjrr-h8w8", "reference_id": "GHSA-rq4w-cjrr-h8w8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rq4w-cjrr-h8w8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/130538?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/84144?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/130537?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.3" } ], "aliases": [ "CVE-2025-1391", "GHSA-gvgg-2r3r-53x7", "GHSA-rq4w-cjrr-h8w8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhzk-d1en-gkhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5539?format=api", "vulnerability_id": "VCID-jm25-gtrc-zuhh", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14449", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14519", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922128", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922128" }, { "reference_url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-17000", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-17000" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20202", "reference_id": "CVE-2021-20202", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20202" }, { "reference_url": "https://github.com/advisories/GHSA-6xp6-fmc8-pmmr", "reference_id": "GHSA-6xp6-fmc8-pmmr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xp6-fmc8-pmmr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79360?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-9jrc-ayvh-e7dk" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dvk9-qsq9-4uc3" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-g36a-kpzd-3bdf" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jfsk-9epz-t7a8" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vs8q-ywf1-3qa2" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2021-20202", "GHSA-6xp6-fmc8-pmmr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm25-gtrc-zuhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47796?format=api", "vulnerability_id": "VCID-jpky-uz5r-gbc8", "summary": "Keycloak SMTP Inject Vulnerability\nSpecial characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15338", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15339", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15339" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28696", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0", "reference_id": "cpe:/a:redhat:build_keycloak:26.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2", "reference_id": "cpe:/a:redhat:build_keycloak:26.2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-8419", "reference_id": "CVE-2025-8419", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-8419" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419", "reference_id": "CVE-2025-8419", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419" }, { "reference_url": "https://github.com/advisories/GHSA-m4j5-5x4r-2xp9", "reference_id": "GHSA-m4j5-5x4r-2xp9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4j5-5x4r-2xp9" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9", "reference_id": "GHSA-m4j5-5x4r-2xp9", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70546?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/70547?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3" } ], "aliases": [ "CVE-2025-8419", "GHSA-m4j5-5x4r-2xp9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jpky-uz5r-gbc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50832?format=api", "vulnerability_id": "VCID-jq8s-nkj4-j7h7", "summary": "Keycloak: Information disclosure of disabled user attributes via administrative endpoint\nA flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02028", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3911" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446392", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446392" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46922", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46922" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/46923", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/46923" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3911", "reference_id": "CVE-2026-3911", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3911" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3911", "reference_id": "CVE-2026-3911", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3911" }, { "reference_url": "https://github.com/advisories/GHSA-xh32-c9wx-phrp", "reference_id": "GHSA-xh32-c9wx-phrp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xh32-c9wx-phrp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74838?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6" } ], "aliases": [ "CVE-2026-3911", "GHSA-xh32-c9wx-phrp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jq8s-nkj4-j7h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46659?format=api", "vulnerability_id": "VCID-k6ct-rgvj-t3an", "summary": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nA flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7854", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7855", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7856", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7857", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7858", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7860", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7861", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7861" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02468", "scoring_system": "epss", "scoring_elements": "0.85563", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6134", "reference_id": "CVE-2023-6134", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6134" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134", "reference_id": "CVE-2023-6134", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134" }, { "reference_url": "https://github.com/advisories/GHSA-cvg2-7c3j-g36j", "reference_id": "GHSA-cvg2-7c3j-g36j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cvg2-7c3j-g36j" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j", "reference_id": "GHSA-cvg2-7c3j-g36j", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68192?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-86yc-ds2u-jba3" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/135958?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3" } ], "aliases": [ "CVE-2023-6134", "GHSA-cvg2-7c3j-g36j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ct-rgvj-t3an" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47512?format=api", "vulnerability_id": "VCID-kbc1-6psh-17d8", "summary": "Keycloak path transversal vulnerability in redirection validation\nA flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1860", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1861", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1862", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1864", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2945", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3752", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3762", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3762" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3919", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3989", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1132.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1132.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55892", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1132" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.10", "reference_id": "cpe:/a:redhat:amq_broker:7.10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.11", "reference_id": "cpe:/a:redhat:amq_broker:7.11", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.11" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12", "reference_id": "cpe:/a:redhat:amq_broker:7.12", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el8", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "reference_id": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3", "reference_id": "cpe:/a:redhat:quarkus:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1132", "reference_id": "CVE-2024-1132", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132", "reference_id": "CVE-2024-1132", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132" }, { "reference_url": "https://github.com/advisories/GHSA-72vp-xfrc-42xm", "reference_id": "GHSA-72vp-xfrc-42xm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-72vp-xfrc-42xm" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm", "reference_id": "GHSA-72vp-xfrc-42xm", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2024-1132", "GHSA-72vp-xfrc-42xm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbc1-6psh-17d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45526?format=api", "vulnerability_id": "VCID-kf26-bvty-a3g9", "summary": "Client Spoofing within the Keycloak Device Authorisation Grant\nUnder certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a device_code to retrieve an access token for other OAuth clients.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3883", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3884", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3885", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3888", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3892" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2585", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-2585" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29453", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2585" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2585", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2585" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196335", "reference_id": "2196335", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196335" }, { "reference_url": "https://github.com/advisories/GHSA-f5h4-wmp5-xhg6", "reference_id": "GHSA-f5h4-wmp5-xhg6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f5h4-wmp5-xhg6" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6", "reference_id": "GHSA-f5h4-wmp5-xhg6", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65823?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@21.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2" } ], "aliases": [ "CVE-2023-2585", "GHSA-f5h4-wmp5-xhg6" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kf26-bvty-a3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50704?format=api", "vulnerability_id": "VCID-kmna-8rms-2bez", "summary": "Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator\nA security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11455", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3009" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46911", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46911" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.5.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.5.5" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3009", "reference_id": "CVE-2026-3009", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009", "reference_id": "CVE-2026-3009", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009" }, { "reference_url": "https://github.com/advisories/GHSA-m297-3jv9-m927", "reference_id": "GHSA-m297-3jv9-m927", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m297-3jv9-m927" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74475?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5" } ], "aliases": [ "CVE-2026-3009", "GHSA-m297-3jv9-m927" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kmna-8rms-2bez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46510?format=api", "vulnerability_id": "VCID-m24y-x4sk-2yd6", "summary": "Keycloak vulnerable to LDAP Injection on UsernameForm Login\nA flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29553", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29485", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2232" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096994", "reference_id": "2096994", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096994" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-2232", "reference_id": "CVE-2022-2232", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-2232" }, { "reference_url": "https://github.com/advisories/GHSA-8hc5-rmgf-qx6p", "reference_id": "GHSA-8hc5-rmgf-qx6p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8hc5-rmgf-qx6p" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p", "reference_id": "GHSA-8hc5-rmgf-qx6p", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67966?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.1" } ], "aliases": [ "CVE-2022-2232", "GHSA-8hc5-rmgf-qx6p" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m24y-x4sk-2yd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47510?format=api", "vulnerability_id": "VCID-mt5g-24m9-tfbg", "summary": "Keycloak vulnerable to session hijacking via re-authentication\nA flaw was found in Keycloak. An active keycloak session can be hijacked by initiating a new authentication (having the query parameter prompt=login) and forcing the user to enter his credentials once again. If the user cancels this re-authentication by clicking Restart login, the account takeover could take place as the new session, with a different SUB, will have the same SID as the previous session.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6787.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6787.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69134", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6787" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6787", "reference_id": "CVE-2023-6787", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6787" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6787", "reference_id": "CVE-2023-6787", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6787" }, { "reference_url": "https://github.com/advisories/GHSA-c9h6-v78w-52wj", "reference_id": "GHSA-c9h6-v78w-52wj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c9h6-v78w-52wj" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj", "reference_id": "GHSA-c9h6-v78w-52wj", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2023-6787", "GHSA-c9h6-v78w-52wj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt5g-24m9-tfbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47503?format=api", "vulnerability_id": "VCID-nw1y-zwsy-auff", "summary": "Keycloak vulnerable to log Injection during WebAuthn authentication or registration\nA flaw was found in keycloak 22.0.5. Errors in browser client during setup/auth with \"Security Key login\" (WebAuthn) are written into the form, send to Keycloak and logged without escaping allowing log injection.\n\nAcknowledgements:\nSpecial thanks toTheresa Henze for reporting this issue and helping us improve our security.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0798", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0799", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0800", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0801", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0804", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1860", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1861", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1862", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1864", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1865", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6484.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6484.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6484", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.6979", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6484" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/25078", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/25078" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "reference_id": "CVE-2023-6484", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" }, { "reference_url": "https://github.com/advisories/GHSA-j628-q885-8gr5", "reference_id": "GHSA-j628-q885-8gr5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j628-q885-8gr5" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5", "reference_id": "GHSA-j628-q885-8gr5", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69805?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/69806?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.5" } ], "aliases": [ "CVE-2023-6484", "GHSA-j628-q885-8gr5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nw1y-zwsy-auff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65968?format=api", "vulnerability_id": "VCID-pq67-ngsq-cbe4", "summary": "keycloak: Keycloak: Information Disclosure via improper role enforcement in UMA 2.0 Protection API", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3190", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3190" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02142", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3190" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46723", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46723" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3190", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3190" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442572", "reference_id": "2442572", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442572" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://github.com/advisories/GHSA-q35r-vvhv-vx5h", "reference_id": "GHSA-q35r-vvhv-vx5h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q35r-vvhv-vx5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74838?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6" } ], "aliases": [ "CVE-2026-3190", "GHSA-q35r-vvhv-vx5h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pq67-ngsq-cbe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56977?format=api", "vulnerability_id": "VCID-pr4d-pmh8-yfeh", "summary": "Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache\nA flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07057", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2559" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353868", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353868" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/38576", "reference_id": "38576", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/38576" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca", "reference_id": "a10c8119d4452b866b90a9019b2cc159919276ca", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-2559", "reference_id": "CVE-2025-2559", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-2559" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2559", "reference_id": "CVE-2025-2559", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2559" }, { "reference_url": "https://github.com/advisories/GHSA-2935-2wfm-hhpv", "reference_id": "GHSA-2935-2wfm-hhpv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2935-2wfm-hhpv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/811661?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.5" } ], "aliases": [ "CVE-2025-2559", "GHSA-2935-2wfm-hhpv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pr4d-pmh8-yfeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4952?format=api", "vulnerability_id": "VCID-qjhb-ubp5-ukdy", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3632", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3632" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.6649", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.6645", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3632" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/8203", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/8203" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-18500", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-18500" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3632", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196", "reference_id": "1978196", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://github.com/advisories/GHSA-qpq9-jpv4-6gwr", "reference_id": "GHSA-qpq9-jpv4-6gwr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qpq9-jpv4-6gwr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/504240?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@15.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-9jrc-ayvh-e7dk" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dvk9-qsq9-4uc3" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-g36a-kpzd-3bdf" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jfsk-9epz-t7a8" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.0" } ], "aliases": [ "CVE-2021-3632", "GHSA-qpq9-jpv4-6gwr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhb-ubp5-ukdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49846?format=api", "vulnerability_id": "VCID-s9bw-xmnt-xqbp", "summary": "Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods\nA flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06785", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1190" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/45646", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/45646" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-1190", "reference_id": "CVE-2026-1190", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-1190" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190", "reference_id": "CVE-2026-1190", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190" }, { "reference_url": "https://github.com/advisories/GHSA-63v5-26vq-m4vm", "reference_id": "GHSA-63v5-26vq-m4vm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-63v5-26vq-m4vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73948?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3" } ], "aliases": [ "CVE-2026-1190", "GHSA-63v5-26vq-m4vm" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9bw-xmnt-xqbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65750?format=api", "vulnerability_id": "VCID-shsh-c1xa-xbes", "summary": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3925", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3926", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2092", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2092" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2822", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2092" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296", "reference_id": "2437296", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-wmxr-6j5f-838p", "reference_id": "GHSA-wmxr-6j5f-838p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wmxr-6j5f-838p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113549?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/113550?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.4.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/74475?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5" } ], "aliases": [ "CVE-2026-2092", "GHSA-wmxr-6j5f-838p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shsh-c1xa-xbes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61660?format=api", "vulnerability_id": "VCID-sxtm-krnm-kff7", "summary": "org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-7500", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-7500" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08904", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7500" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/48709", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/48709" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/48715", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/48715" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7500", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7500" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464126", "reference_id": "2464126", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464126" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://github.com/advisories/GHSA-hm32-hfmw-rhvg", "reference_id": "GHSA-hm32-hfmw-rhvg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hm32-hfmw-rhvg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/116958?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7fx-dbch-e7fa" }, { "vulnerability": "VCID-qqn6-4z7u-4uas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.2" } ], "aliases": [ "CVE-2026-7500", "GHSA-hm32-hfmw-rhvg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sxtm-krnm-kff7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57741?format=api", "vulnerability_id": "VCID-tv3h-kxj7-u7ct", "summary": "Keycloak phishing attack via email verification step in first login flow\nThere is a flaw with the first login flow where, during a IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to \"review profile\" information, which allows the the attacker to modify their email address to that of a victim's account. This triggers a verification email sent to the victim's email address. If the victim clicks the verification link, the attacker can gain access to the victim's account. While not a zero-interaction attack, the attacker's email address is not directly present in the verification email content, making it a potential phishing opportunity.\n\nThis issue has been fixed in versions 26.0.13, 26.2.6, and 26.3.0.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11986", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11986" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11987", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12015", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12016", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12016" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13678", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7365" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/40446", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/40446" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/40520", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://github.com/keycloak/keycloak/pull/40520" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.0.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.0.13" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.2.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.2.6" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7365", "reference_id": "CVE-2025-7365", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7365" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365", "reference_id": "CVE-2025-7365", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365" }, { "reference_url": "https://github.com/advisories/GHSA-xhpr-465j-7p9q", "reference_id": "GHSA-xhpr-465j-7p9q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xhpr-465j-7p9q" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q", "reference_id": "GHSA-xhpr-465j-7p9q", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85929?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/803817?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/85928?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/70545?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bw6h-4h9x-rbab" }, { "vulnerability": "VCID-c58s-s3rb-27fw" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pgjk-vhx6-yqbt" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "CVE-2025-7365", "GHSA-xhpr-465j-7p9q" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tv3h-kxj7-u7ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66664?format=api", "vulnerability_id": "VCID-tvba-94zp-t3hc", "summary": "keycloak: org.keycloak/keycloak-services: Keycloak: Privilege escalation via manage-clients permission", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3121", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3121" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01926", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3121" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46719", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3121", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3121" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442277", "reference_id": "2442277", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442277" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-7xf9-4jfc-wgm4", "reference_id": "GHSA-7xf9-4jfc-wgm4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7xf9-4jfc-wgm4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74838?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6" } ], "aliases": [ "CVE-2026-3121", "GHSA-7xf9-4jfc-wgm4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvba-94zp-t3hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66856?format=api", "vulnerability_id": "VCID-u2fq-9cjc-1kf6", "summary": "keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2575" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09159", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2575" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46372", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46372" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440149", "reference_id": "2440149", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440149" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-xv6h-r36f-3gp5", "reference_id": "GHSA-xv6h-r36f-3gp5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xv6h-r36f-3gp5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/112932?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4" } ], "aliases": [ "CVE-2026-2575", "GHSA-xv6h-r36f-3gp5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2fq-9cjc-1kf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45782?format=api", "vulnerability_id": "VCID-ugpk-g4qu-x3b5", "summary": "Keycloak vulnerable to user impersonation via stolen UUID code\nKeycloak's OpenID Connect user authentication was found to incorrectly authenticate requests. An authenticated attacker who could also obtain a certain piece of info from a user request, from a victim within the same realm, could use that data to impersonate the victim and generate new session tokens.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0264.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0264.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-0264", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.88567", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03942", "scoring_system": "epss", "scoring_elements": "0.8855", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0264" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/ec8109112e67208c13e13f6d1f8706a5a3ba8d4c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/ec8109112e67208c13e13f6d1f8706a5a3ba8d4c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", "reference_id": "2160585", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "reference_url": "https://github.com/advisories/GHSA-9g98-5mj6-f9mv", "reference_id": "GHSA-9g98-5mj6-f9mv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9g98-5mj6-f9mv" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-9g98-5mj6-f9mv", "reference_id": "GHSA-9g98-5mj6-f9mv", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-9g98-5mj6-f9mv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66446?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@19.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@19.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/137584?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@21.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.0.1" } ], "aliases": [ "CVE-2023-0264", "GHSA-9g98-5mj6-f9mv", "GMS-2023-573" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugpk-g4qu-x3b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65751?format=api", "vulnerability_id": "VCID-uxs4-bydz-tbh4", "summary": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3925", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3926", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2603", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2603" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2603", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2603" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132" }, { "reference_url": "https://github.com/keycloak/keycloak/commits/26.5.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commits/26.5.5" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46911", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46911" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/46932", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/46932" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300", "reference_id": "2440300", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-x4p7-7chp-64hq", "reference_id": "GHSA-x4p7-7chp-64hq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x4p7-7chp-64hq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74475?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5" } ], "aliases": [ "CVE-2026-2603", "GHSA-x4p7-7chp-64hq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxs4-bydz-tbh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47506?format=api", "vulnerability_id": "VCID-uya7-2sk1-6uat", "summary": "Keycloak secondary factor bypass in step-up authentication\nKeycloak does not correctly validate its client step-up authentication. A password-authed attacker could use this flaw to register a false second auth factor, alongside the existing one, to a targeted account. The second factor then permits step-up authentication.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3597.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3597.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-3597", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-3597" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25898", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3597" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221760", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221760" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3597", "reference_id": "CVE-2023-3597", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3597" }, { "reference_url": "https://github.com/advisories/GHSA-4f53-xh3v-g8x4", "reference_id": "GHSA-4f53-xh3v-g8x4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4f53-xh3v-g8x4" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4", "reference_id": "GHSA-4f53-xh3v-g8x4", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2023-3597", "GHSA-4f53-xh3v-g8x4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uya7-2sk1-6uat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63839?format=api", "vulnerability_id": "VCID-v69z-xrfn-q3gu", "summary": "keycloak: Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4282", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4282" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05644", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4282" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47719", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4282", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448061", "reference_id": "2448061", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448061" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-hj93-h7pg-fh6v", "reference_id": "GHSA-hj93-h7pg-fh6v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hj93-h7pg-fh6v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6475", "reference_id": "RHSA-2026:6475", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6476", "reference_id": "RHSA-2026:6476", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6476" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110369?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-xqks-vfap-aqb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-4282", "GHSA-hj93-h7pg-fh6v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v69z-xrfn-q3gu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49398?format=api", "vulnerability_id": "VCID-vdjk-2v9a-xfdk", "summary": "Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions\nA flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01625", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14082" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419078", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419078" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-14082", "reference_id": "CVE-2025-14082", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-14082" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14082", "reference_id": "CVE-2025-14082", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14082" }, { "reference_url": "https://github.com/advisories/GHSA-6q37-7866-h27j", "reference_id": "GHSA-6q37-7866-h27j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6q37-7866-h27j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72880?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-58n2-w8fu-u3hc" }, { "vulnerability": "VCID-7fd4-t5k9-mfc7" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bw6h-4h9x-rbab" }, { "vulnerability": "VCID-c58s-s3rb-27fw" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zr12-p5eq-wubj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0" } ], "aliases": [ "CVE-2025-14082", "GHSA-6q37-7866-h27j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdjk-2v9a-xfdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106123?format=api", "vulnerability_id": "VCID-vs8q-ywf1-3qa2", "summary": "keycloak-services: ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3856", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3856" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58775", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58728", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3856" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/8588", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/8588" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-19422", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-19422" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3856", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3856" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164", "reference_id": "2010164", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164" }, { "reference_url": "https://github.com/advisories/GHSA-3w4v-rvc4-2xpw", "reference_id": "GHSA-3w4v-rvc4-2xpw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3w4v-rvc4-2xpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/504240?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@15.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-9jrc-ayvh-e7dk" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dvk9-qsq9-4uc3" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-g36a-kpzd-3bdf" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jfsk-9epz-t7a8" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.0" } ], "aliases": [ "CVE-2021-3856", "GHSA-3w4v-rvc4-2xpw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vs8q-ywf1-3qa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63604?format=api", "vulnerability_id": "VCID-vums-fzus-q7dn", "summary": "org.keycloak.forms.login: keycloak: Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login page", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-37980", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-37980" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-37980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1572", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-37980" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/48049", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/48049" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37980", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37980" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455325", "reference_id": "2455325", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455325" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://github.com/advisories/GHSA-m32f-8vh9-2hh3", "reference_id": "GHSA-m32f-8vh9-2hh3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m32f-8vh9-2hh3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74838?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6" } ], "aliases": [ "CVE-2026-37980", "GHSA-m32f-8vh9-2hh3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vums-fzus-q7dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56013?format=api", "vulnerability_id": "VCID-w6nc-88yg-dkem", "summary": "Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect\nA misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10385", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10386", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6878", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6879", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6880", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6882", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6886", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6887", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6888", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6889", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6890", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8823", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8824", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8826", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8826" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06592", "scoring_system": "epss", "scoring_elements": "0.91347", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8883" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8883", "reference_id": "CVE-2024-8883", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8883" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883", "reference_id": "CVE-2024-8883", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883" }, { "reference_url": "https://github.com/advisories/GHSA-w8gr-xwp4-r9f7", "reference_id": "GHSA-w8gr-xwp4-r9f7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w8gr-xwp4-r9f7" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7", "reference_id": "GHSA-w8gr-xwp4-r9f7", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82947?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/82948?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/82731?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6" } ], "aliases": [ "CVE-2024-8883", "GHSA-w8gr-xwp4-r9f7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6nc-88yg-dkem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55771?format=api", "vulnerability_id": "VCID-wcb5-wnjf-5uhm", "summary": "Duplicate Advisory: Keycloak has a brute force login protection bypass\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-gc7q-jgjv-vjr2. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6493", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6494", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6495", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6497", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6499", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6500", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6501", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6501" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4629", "reference_id": "CVE-2024-4629", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4629" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629", "reference_id": "CVE-2024-4629", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629" }, { "reference_url": "https://github.com/advisories/GHSA-8wm9-24qg-m5qj", "reference_id": "GHSA-8wm9-24qg-m5qj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wm9-24qg-m5qj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82538?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.4" } ], "aliases": [ "GHSA-8wm9-24qg-m5qj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wcb5-wnjf-5uhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5540?format=api", "vulnerability_id": "VCID-wt2c-cyu2-kbgm", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.85144", "scoring_system": "epss", "scoring_elements": "0.99373", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.85144", "scoring_system": "epss", "scoring_elements": "0.99371", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906797", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906797" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7790", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7790" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27838", "reference_id": "CVE-2020-27838", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27838" }, { "reference_url": "https://github.com/advisories/GHSA-pcv5-m2wh-66j3", "reference_id": "GHSA-pcv5-m2wh-66j3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcv5-m2wh-66j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79360?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-9jrc-ayvh-e7dk" }, { "vulnerability": "VCID-asmd-x6cy-dqdt" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-ch1b-adh9-skah" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dvk9-qsq9-4uc3" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-g36a-kpzd-3bdf" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jfsk-9epz-t7a8" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kf26-bvty-a3g9" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-ugpk-g4qu-x3b5" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vs8q-ywf1-3qa2" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-wxaq-rrqq-pyah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2020-27838", "GHSA-pcv5-m2wh-66j3" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wt2c-cyu2-kbgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46136?format=api", "vulnerability_id": "VCID-wxaq-rrqq-pyah", "summary": "Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients\nWhen a Keycloak server is configured to support mTLS authentication for OAuth/OpenID clients, it does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3883", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3884", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3885", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3888", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3892" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2422.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2422.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2422", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-2422" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55652", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2422" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5c6c55945a384bfd82e51283096204dcb6f63d91", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5c6c55945a384bfd82e51283096204dcb6f63d91" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2422", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2422" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191668", "reference_id": "2191668", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191668" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://github.com/advisories/GHSA-3qh5-qqj2-c78f", "reference_id": "GHSA-3qh5-qqj2-c78f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3qh5-qqj2-c78f" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-3qh5-qqj2-c78f", "reference_id": "GHSA-3qh5-qqj2-c78f", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-3qh5-qqj2-c78f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65823?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@21.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-k6ct-rgvj-t3an" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2" } ], "aliases": [ "CVE-2023-2422", "GHSA-3qh5-qqj2-c78f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxaq-rrqq-pyah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46902?format=api", "vulnerability_id": "VCID-xbkp-kjgd-fqcx", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nA flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7854", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7855", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7856", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7857", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7858", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7860", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7861", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7861" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39491", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6291" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1", "reference_id": "cpe:/a:redhat:serverless:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6291", "reference_id": "CVE-2023-6291", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6291" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291", "reference_id": "CVE-2023-6291", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291" }, { "reference_url": "https://github.com/advisories/GHSA-mpwq-j3xf-7m5w", "reference_id": "GHSA-mpwq-j3xf-7m5w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mpwq-j3xf-7m5w" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w", "reference_id": "GHSA-mpwq-j3xf-7m5w", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68192?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-86yc-ds2u-jba3" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-m24y-x4sk-2yd6" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/135958?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2kyy-pzzx-n7gr" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-2xvq-t8jp-zfbj" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-6kbf-zmzu-xbgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dt1x-6344-fkda" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-ghak-3963-juhk" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hxup-rgnc-mqbp" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kbc1-6psh-17d8" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mt5g-24m9-tfbg" }, { "vulnerability": "VCID-nw1y-zwsy-auff" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-uya7-2sk1-6uat" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-y5qk-qy59-23hn" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3" } ], "aliases": [ "CVE-2023-6291", "GHSA-mpwq-j3xf-7m5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkp-kjgd-fqcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57788?format=api", "vulnerability_id": "VCID-xbmd-afn2-kfem", "summary": "Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15336", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15337", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15338", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15339", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15339" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-8419", "reference_id": "CVE-2025-8419", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-8419" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419", "reference_id": "CVE-2025-8419", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419" }, { "reference_url": "https://github.com/advisories/GHSA-qj5r-2r5p-phc7", "reference_id": "GHSA-qj5r-2r5p-phc7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qj5r-2r5p-phc7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70547?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3" } ], "aliases": [ "GHSA-qj5r-2r5p-phc7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbmd-afn2-kfem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57220?format=api", "vulnerability_id": "VCID-xk8n-4az9-zfh3", "summary": "Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3910", "reference_id": "CVE-2025-3910", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3910" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910", "reference_id": "CVE-2025-3910", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910" }, { "reference_url": "https://github.com/advisories/GHSA-fx44-2wx5-5fvp", "reference_id": "GHSA-fx44-2wx5-5fvp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fx44-2wx5-5fvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84985?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mzdb-4zsz-qqhn" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "GHSA-fx44-2wx5-5fvp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xk8n-4az9-zfh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57232?format=api", "vulnerability_id": "VCID-xmxb-sg5r-ufbt", "summary": "Keycloak hostname verification\nA flaw was found in Keycloak. By setting a verification policy to 'ANY', the trust store certificate verification is skipped, which is unintended.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26008", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3501" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/39350", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/39350" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/39366", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://github.com/keycloak/keycloak/pull/39366" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3501", "reference_id": "CVE-2025-3501", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501", "reference_id": "CVE-2025-3501", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501" }, { "reference_url": "https://github.com/advisories/GHSA-hw58-3793-42gg", "reference_id": "GHSA-hw58-3793-42gg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hw58-3793-42gg" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg", "reference_id": "GHSA-hw58-3793-42gg", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84985?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-mzdb-4zsz-qqhn" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "CVE-2025-3501", "GHSA-hw58-3793-42gg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmxb-sg5r-ufbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64745?format=api", "vulnerability_id": "VCID-xqks-vfap-aqb5", "summary": "keycloak: org.keycloak.authorization: Keycloak: Unauthorized resource modification due to improper access control", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4628", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4628" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0151", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4628" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4628", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450240", "reference_id": "2450240", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450240" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-4pgc-gfrr-wcmg", "reference_id": "GHSA-4pgc-gfrr-wcmg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4pgc-gfrr-wcmg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/992314?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-sxtm-krnm-kff7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1" } ], "aliases": [ "CVE-2026-4628", "GHSA-4pgc-gfrr-wcmg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqks-vfap-aqb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63843?format=api", "vulnerability_id": "VCID-xymt-c6mk-73ff", "summary": "keycloak: Keycloak: UMA policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4636", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4636" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02167", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4636" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47717", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47717" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4636", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4636" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450251", "reference_id": "2450251", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450251" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-f2hx-5fx3-hmcv", "reference_id": "GHSA-f2hx-5fx3-hmcv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f2hx-5fx3-hmcv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6475", "reference_id": "RHSA-2026:6475", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6476", "reference_id": "RHSA-2026:6476", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6476" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110369?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-xqks-vfap-aqb5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-4636", "GHSA-f2hx-5fx3-hmcv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xymt-c6mk-73ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47509?format=api", "vulnerability_id": "VCID-y5qk-qy59-23hn", "summary": "Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS\nA potential security flaw in the \"checkLoginIframe\" which allows unvalidated cross-origin messages, enabling potential DDoS attacks. By exploiting this vulnerability, attackers could coordinate to send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1860", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1861", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1862", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1864", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2945", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4057", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4057" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1249", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46072", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1249" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12", "reference_id": "cpe:/a:redhat:amq_broker:7.12", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1", "reference_id": "cpe:/a:redhat:amq_streams:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8", "reference_id": "cpe:/a:redhat:openshift_serverless:1.33::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1", "reference_id": "cpe:/a:redhat:rhdh:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1249", "reference_id": "CVE-2024-1249", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1249" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", "reference_id": "CVE-2024-1249", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249" }, { "reference_url": "https://github.com/advisories/GHSA-m6q9-p373-g5q8", "reference_id": "GHSA-m6q9-p373-g5q8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6q9-p373-g5q8" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8", "reference_id": "GHSA-m6q9-p373-g5q8", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69809?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/69810?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-2xg4-ad4r-4kce" }, { "vulnerability": "VCID-36v6-qmgy-j3cv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-4hs9-48uu-8qbf" }, { "vulnerability": "VCID-66zv-ra8w-s3b4" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-8ekh-fbbj-5yfb" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-bub5-f9wf-57d4" }, { "vulnerability": "VCID-cs4b-u9hn-9ugy" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-hzvd-ugxf-9fcd" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-w6nc-88yg-dkem" }, { "vulnerability": "VCID-wcb5-wnjf-5uhm" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" }, { "vulnerability": "VCID-zdyb-dh4t-5kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2024-1249", "GHSA-m6q9-p373-g5q8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5qk-qy59-23hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56263?format=api", "vulnerability_id": "VCID-zdyb-dh4t-5kam", "summary": "org.keycloak:keycloak-services has Inefficient Regular Expression Complexity\nA vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10175", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10176", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10177", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10178", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10178" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31194", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10270" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321214", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321214" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-10270", "reference_id": "CVE-2024-10270", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-10270" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270", "reference_id": "CVE-2024-10270", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270" }, { "reference_url": "https://github.com/advisories/GHSA-wq8x-cg39-8mrr", "reference_id": "GHSA-wq8x-cg39-8mrr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://github.com/advisories/GHSA-wq8x-cg39-8mrr" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr", "reference_id": "GHSA-wq8x-cg39-8mrr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83338?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83339?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12yb-w8kt-jyg3" }, { "vulnerability": "VCID-1fwh-a287-5qgt" }, { "vulnerability": "VCID-1u7p-4qg4-yqbv" }, { "vulnerability": "VCID-3adr-h63v-c3eg" }, { "vulnerability": "VCID-6dya-2u73-vbee" }, { "vulnerability": "VCID-7uk5-w4qh-8uhq" }, { "vulnerability": "VCID-bebk-k27t-4qgf" }, { "vulnerability": "VCID-dckx-y9zp-d7fy" }, { "vulnerability": "VCID-dgdk-ahqm-9ken" }, { "vulnerability": "VCID-dwgd-79t9-d7a1" }, { "vulnerability": "VCID-exeg-acrj-zkah" }, { "vulnerability": "VCID-fkdm-gq5h-rbg7" }, { "vulnerability": "VCID-gv5e-6w51-uydc" }, { "vulnerability": "VCID-gyv4-k3na-eyhu" }, { "vulnerability": "VCID-j8hz-kys5-z3dr" }, { "vulnerability": "VCID-jhzk-d1en-gkhj" }, { "vulnerability": "VCID-jpky-uz5r-gbc8" }, { "vulnerability": "VCID-jq8s-nkj4-j7h7" }, { "vulnerability": "VCID-kmna-8rms-2bez" }, { "vulnerability": "VCID-pq67-ngsq-cbe4" }, { "vulnerability": "VCID-pr4d-pmh8-yfeh" }, { "vulnerability": "VCID-s9bw-xmnt-xqbp" }, { "vulnerability": "VCID-shsh-c1xa-xbes" }, { "vulnerability": "VCID-sxtm-krnm-kff7" }, { "vulnerability": "VCID-tv3h-kxj7-u7ct" }, { "vulnerability": "VCID-tvba-94zp-t3hc" }, { "vulnerability": "VCID-u2fq-9cjc-1kf6" }, { "vulnerability": "VCID-uxs4-bydz-tbh4" }, { "vulnerability": "VCID-v69z-xrfn-q3gu" }, { "vulnerability": "VCID-vdjk-2v9a-xfdk" }, { "vulnerability": "VCID-vums-fzus-q7dn" }, { "vulnerability": "VCID-xbmd-afn2-kfem" }, { "vulnerability": "VCID-xk8n-4az9-zfh3" }, { "vulnerability": "VCID-xmxb-sg5r-ufbt" }, { "vulnerability": "VCID-xqks-vfap-aqb5" }, { "vulnerability": "VCID-xymt-c6mk-73ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6" } ], "aliases": [ "CVE-2024-10270", "GHSA-wq8x-cg39-8mrr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdyb-dh4t-5kam" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.4" }