Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/435013?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/435013?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@4.2.0.Final", "type": "maven", "namespace": "org.keycloak", "name": "keycloak-core", "version": "4.2.0.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "26.1.3", "latest_non_vulnerable_version": "26.1.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197328?format=api", "vulnerability_id": "VCID-1ewb-gxkb-j3cn", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1714.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1714.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02152", "scoring_system": "epss", "scoring_elements": "0.84688", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02152", "scoring_system": "epss", "scoring_elements": "0.84626", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02152", "scoring_system": "epss", "scoring_elements": "0.84679", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1714" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/33863ba16117844930a38ebde57a25258f5b80fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/33863ba16117844930a38ebde57a25258f5b80fd" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7053", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7053" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705975", "reference_id": "1705975", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705975" }, { "reference_url": "https://security.archlinux.org/ASA-202005-8", "reference_id": "ASA-202005-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-8" }, { "reference_url": "https://security.archlinux.org/AVG-1158", "reference_id": "AVG-1158", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1158" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1714", "reference_id": "CVE-2020-1714", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1714" }, { "reference_url": "https://github.com/advisories/GHSA-m6mm-q862-j366", "reference_id": "GHSA-m6mm-q862-j366", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6mm-q862-j366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2814", "reference_id": "RHSA-2020:2814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2816", "reference_id": "RHSA-2020:2816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3017", "reference_id": "RHSA-2020:3017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3675", "reference_id": "RHSA-2020:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3678", "reference_id": "RHSA-2020:3678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4252", "reference_id": "RHSA-2020:4252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5568", "reference_id": "RHSA-2020:5568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5568" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19007?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@11.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@11.0.0" } ], "aliases": [ "CVE-2020-1714", "GHSA-m6mm-q862-j366" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ewb-gxkb-j3cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204675?format=api", "vulnerability_id": "VCID-1twj-46mj-vbeg", "summary": "Improper Restriction of Rendered UI Layers or Frames in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32694", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32513", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32716", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1728" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-12264", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-12264" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585", "reference_id": "1800585", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728", "reference_id": "CVE-2020-1728", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728" }, { "reference_url": "https://github.com/advisories/GHSA-3gg7-9q2x-79fc", "reference_id": "GHSA-3gg7-9q2x-79fc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gg7-9q2x-79fc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3495", "reference_id": "RHSA-2020:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3496", "reference_id": "RHSA-2020:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3497", "reference_id": "RHSA-2020:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3501", "reference_id": "RHSA-2020:3501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3539", "reference_id": "RHSA-2020:3539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4213", "reference_id": "RHSA-2020:4213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4252", "reference_id": "RHSA-2020:4252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4252" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392326?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@10.0.0" } ], "aliases": [ "CVE-2020-1728", "GHSA-3gg7-9q2x-79fc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1twj-46mj-vbeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204670?format=api", "vulnerability_id": "VCID-27n8-twqe-c7hg", "summary": "Exposure of Sensitive Information to an Unauthorized Actor in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14820", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54617", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54759", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54742", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14820" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649870", "reference_id": "1649870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649870" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14820", "reference_id": "CVE-2019-14820", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14820" }, { "reference_url": "https://github.com/advisories/GHSA-xfqh-7356-vqjj", "reference_id": "GHSA-xfqh-7356-vqjj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xfqh-7356-vqjj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3044", "reference_id": "RHSA-2019:3044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3045", "reference_id": "RHSA-2019:3045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3046", "reference_id": "RHSA-2019:3046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3048", "reference_id": "RHSA-2019:3048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3049", "reference_id": "RHSA-2019:3049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3050", "reference_id": "RHSA-2019:3050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16374?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cxjv-a4yf-2bgs" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0" } ], "aliases": [ "CVE-2019-14820", "GHSA-xfqh-7356-vqjj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27n8-twqe-c7hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47088?format=api", "vulnerability_id": "VCID-3jtq-par5-tuax", "summary": "A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4028.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4028.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42764", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42583", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42745", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4028" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4028", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4028" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4028", "reference_id": "CVE-2024-4028", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T18:38:24Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4028" }, { "reference_url": "https://github.com/advisories/GHSA-q4xq-445g-g6ch", "reference_id": "GHSA-q4xq-445g-g6ch", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q4xq-445g-g6ch" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276418", "reference_id": "show_bug.cgi?id=2276418", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T18:38:24Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276418" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/782793?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@26.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@26.1.3" } ], "aliases": [ "CVE-2024-4028", "GHSA-q4xq-445g-g6ch" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jtq-par5-tuax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197255?format=api", "vulnerability_id": "VCID-3mcs-n479-zydu", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14627", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14626", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14509", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922128", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922128" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-17000", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-17000" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20202", "reference_id": "CVE-2021-20202", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20202" }, { "reference_url": "https://github.com/advisories/GHSA-6xp6-fmc8-pmmr", "reference_id": "GHSA-6xp6-fmc8-pmmr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xp6-fmc8-pmmr" }, { "reference_url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j", "reference_id": "GHSA-7gf3-89f6-823j", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19761?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0" } ], "aliases": [ "CVE-2021-20202", "GHSA-6xp6-fmc8-pmmr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mcs-n479-zydu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324630?format=api", "vulnerability_id": "VCID-49ev-wsaa-4bbn", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33283", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33465", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33485", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1724" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527", "reference_id": "1800527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "reference_url": "https://github.com/advisories/GHSA-8xj2-47xw-q78c", "reference_id": "GHSA-8xj2-47xw-q78c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xj2-47xw-q78c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2106", "reference_id": "RHSA-2020:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2107", "reference_id": "RHSA-2020:2107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2108", "reference_id": "RHSA-2020:2108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2252", "reference_id": "RHSA-2020:2252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385382?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@9.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.2" } ], "aliases": [ "CVE-2020-1724", "GHSA-8xj2-47xw-q78c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-49ev-wsaa-4bbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204671?format=api", "vulnerability_id": "VCID-551s-5jc8-x7g4", "summary": "XSS in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.52023", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.52165", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.52153", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1697" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791538", "reference_id": "1791538", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791538" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1697", "reference_id": "CVE-2020-1697", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1697" }, { "reference_url": "https://github.com/advisories/GHSA-8vf3-4w62-m3pq", "reference_id": "GHSA-8vf3-4w62-m3pq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8vf3-4w62-m3pq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2252", "reference_id": "RHSA-2020:2252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16375?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.0" } ], "aliases": [ "CVE-2020-1697", "GHSA-8vf3-4w62-m3pq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-551s-5jc8-x7g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/309291?format=api", "vulnerability_id": "VCID-6kkn-nm8v-u3a4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73433", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73507", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73522", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10170" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10170", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10170" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1721295", "reference_id": "1721295", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1721295" }, { "reference_url": "https://github.com/advisories/GHSA-7m27-3587-83xf", "reference_id": "GHSA-7m27-3587-83xf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7m27-3587-83xf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3050", "reference_id": "RHSA-2019:3050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3050" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16374?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cxjv-a4yf-2bgs" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0" } ], "aliases": [ "CVE-2019-10170", "GHSA-7m27-3587-83xf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kkn-nm8v-u3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197711?format=api", "vulnerability_id": "VCID-7q52-ujxg-pyg4", "summary": "privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27826.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27826.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27826", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37586", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37409", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37611", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27826" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905089", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905089" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/dae4a3eaf26590b8d441b8e4bec3b700ee303b72", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/dae4a3eaf26590b8d441b8e4bec3b700ee303b72" }, { "reference_url": "https://security.archlinux.org/AVG-1373", "reference_id": "AVG-1373", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1373" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2020-27826", "reference_id": "CVE-2020-27826", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2020-27826" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27826", "reference_id": "CVE-2020-27826", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27826" }, { "reference_url": "https://github.com/advisories/GHSA-m9cj-v55f-8x26", "reference_id": "GHSA-m9cj-v55f-8x26", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m9cj-v55f-8x26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5526", "reference_id": "RHSA-2020:5526", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5526" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5527", "reference_id": "RHSA-2020:5527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5528", "reference_id": "RHSA-2020:5528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5533", "reference_id": "RHSA-2020:5533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5533" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19787?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-gxku-5esb-1qct" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0" } ], "aliases": [ "CVE-2020-27826", "GHSA-m9cj-v55f-8x26" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7q52-ujxg-pyg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30697?format=api", "vulnerability_id": "VCID-7tca-nfme-37ek", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53793", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53936", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53919", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14637" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627851", "reference_id": "1627851", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627851" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14637", "reference_id": "CVE-2018-14637", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14637" }, { "reference_url": "https://github.com/advisories/GHSA-gf2j-7qwg-4f5x", "reference_id": "GHSA-gf2j-7qwg-4f5x", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gf2j-7qwg-4f5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/435018?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@4.6.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-27n8-twqe-c7hg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-6kkn-nm8v-u3a4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cxjv-a4yf-2bgs" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-qwr8-j8k6-fqew" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-t4zx-ktg9-zue4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-x6m8-gkbc-4kec" }, { "vulnerability": "VCID-x77r-6nax-tqg6" }, { "vulnerability": "VCID-xf39-m1jv-zbfj" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.6.0.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/14617?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.6.0" } ], "aliases": [ "CVE-2018-14637", "GHSA-gf2j-7qwg-4f5x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tca-nfme-37ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197689?format=api", "vulnerability_id": "VCID-7xus-anmm-9ba3", "summary": "cross-site request forgery", "references": [ { "reference_url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92282", "scoring_system": "epss", "scoring_elements": "0.99736", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.92282", "scoring_system": "epss", "scoring_elements": "0.99735", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.92282", "scoring_system": "epss", "scoring_elements": "0.99737", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10770" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2" }, { "reference_url": "https://github.com/keycloak/keycloak-documentation/pull/1086", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak-documentation/pull/1086" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7714", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7714" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-14019", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-14019" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-3426", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-3426" }, { "reference_url": "https://security.archlinux.org/AVG-1577", "reference_id": "AVG-1577", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1577" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py", "reference_id": "CVE-2020-10770", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770", "reference_id": "CVE-2020-10770", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770" }, { "reference_url": "https://github.com/advisories/GHSA-jh7q-5mwf-qvhw", "reference_id": "GHSA-jh7q-5mwf-qvhw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh7q-5mwf-qvhw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0318", "reference_id": "RHSA-2021:0318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0319", "reference_id": "RHSA-2021:0319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0320", "reference_id": "RHSA-2021:0320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0327", "reference_id": "RHSA-2021:0327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0327" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/478114?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@12.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/19761?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0" } ], "aliases": [ "CVE-2020-10770", "GHSA-jh7q-5mwf-qvhw" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xus-anmm-9ba3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359474?format=api", "vulnerability_id": "VCID-b99p-3rqx-v7b4", "summary": "keycloak-core: mTLS passthrough", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10039", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27603", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27578", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10039" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/35217", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/35217" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319217", "reference_id": "2319217", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319217" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10039", "reference_id": "CVE-2024-10039", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10039" }, { "reference_url": "https://github.com/advisories/GHSA-93ww-43rr-79v3", "reference_id": "GHSA-93ww-43rr-79v3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-93ww-43rr-79v3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10175", "reference_id": "RHSA-2024:10175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10176", "reference_id": "RHSA-2024:10176", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10177", "reference_id": "RHSA-2024:10177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10178", "reference_id": "RHSA-2024:10178", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10178" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11645", "reference_id": "RHSA-2025:11645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11645" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372879?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@26.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@26.0.6" } ], "aliases": [ "CVE-2024-10039", "GHSA-93ww-43rr-79v3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b99p-3rqx-v7b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212237?format=api", "vulnerability_id": "VCID-bvmd-z1hf-5yef", "summary": "Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date", "references": [ { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7318", "reference_id": "CVE-2024-7318", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7318" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7318", "reference_id": "CVE-2024-7318", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7318" }, { "reference_url": "https://github.com/advisories/GHSA-57rh-gr4v-j5f6", "reference_id": "GHSA-57rh-gr4v-j5f6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-57rh-gr4v-j5f6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33302?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@24.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33830?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@25.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-sg1r-gdub-fba1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.0" } ], "aliases": [ "GHSA-57rh-gr4v-j5f6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvmd-z1hf-5yef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174865?format=api", "vulnerability_id": "VCID-c2nr-hks8-4qg1", "summary": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45723", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45567", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45714", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3916" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-3916", "reference_id": "CVE-2022-3916", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "reference_url": "https://github.com/advisories/GHSA-97g8-xfvw-q4hg", "reference_id": "GHSA-97g8-xfvw-q4hg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97g8-xfvw-q4hg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8961", "reference_id": "RHSA-2022:8961", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8962", "reference_id": "RHSA-2022:8962", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8963", "reference_id": "RHSA-2022:8963", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8964", "reference_id": "RHSA-2022:8964", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8965", "reference_id": "RHSA-2022:8965", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "RHSA-2023:1043", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "RHSA-2023:1044", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "RHSA-2023:1045", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "RHSA-2023:1047", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "RHSA-2023:1049", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", "reference_id": "show_bug.cgi?id=2141404", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394378?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@20.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-srz9-395b-tkhj" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.2" } ], "aliases": [ "CVE-2022-3916", "GHSA-97g8-xfvw-q4hg", "GMS-2022-8406" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2nr-hks8-4qg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197027?format=api", "vulnerability_id": "VCID-cbrs-98sn-mqfq", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29954", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.2997", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29757", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1725" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-16550", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-16550" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1725", "reference_id": "CVE-2020-1725", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1725" }, { "reference_url": "https://github.com/advisories/GHSA-p225-pc2x-4jpm", "reference_id": "GHSA-p225-pc2x-4jpm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p225-pc2x-4jpm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19761?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0" } ], "aliases": [ "CVE-2020-1725", "GHSA-p225-pc2x-4jpm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbrs-98sn-mqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204673?format=api", "vulnerability_id": "VCID-cxjv-a4yf-2bgs", "summary": "Predictable password in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1731.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1731.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1731", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60401", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60518", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00389", "scoring_system": "epss", "scoring_elements": "0.60507", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1731" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1731", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1731" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801713", "reference_id": "1801713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801713" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1731", "reference_id": "CVE-2020-1731", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1731" }, { "reference_url": "https://github.com/advisories/GHSA-6pmv-7pr9-cgrj", "reference_id": "GHSA-6pmv-7pr9-cgrj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6pmv-7pr9-cgrj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16376?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@8.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.2" } ], "aliases": [ "CVE-2020-1731", "GHSA-6pmv-7pr9-cgrj" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cxjv-a4yf-2bgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211250?format=api", "vulnerability_id": "VCID-czc3-kxs3-yfdt", "summary": "Keycloak XSS via use of malicious payload as group name when creating new group from admin console", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0051", "scoring_system": "epss", "scoring_elements": "0.6682", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0051", "scoring_system": "epss", "scoring_elements": "0.66927", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0051", "scoring_system": "epss", "scoring_elements": "0.66913", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0225" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "reference_id": "CVE-2022-0225", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "reference_id": "GHSA-755v-r4x4-qf7m", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" }, { "reference_url": "https://github.com/advisories/GHSA-fqc7-5xxc-ph7r", "reference_id": "GHSA-fqc7-5xxc-ph7r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqc7-5xxc-ph7r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6782", "reference_id": "RHSA-2022:6782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6783", "reference_id": "RHSA-2022:6783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6787", "reference_id": "RHSA-2022:6787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7409", "reference_id": "RHSA-2022:7409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7410", "reference_id": "RHSA-2022:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7411", "reference_id": "RHSA-2022:7411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7417", "reference_id": "RHSA-2022:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/546619?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@16.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@16.1.1" } ], "aliases": [ "CVE-2022-0225", "GHSA-fqc7-5xxc-ph7r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-czc3-kxs3-yfdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/346690?format=api", "vulnerability_id": "VCID-ejyg-88gf-sfbh", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00993", "scoring_system": "epss", "scoring_elements": "0.77334", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00993", "scoring_system": "epss", "scoring_elements": "0.77404", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00993", "scoring_system": "epss", "scoring_elements": "0.7742", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1274" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/16764", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/16764" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" }, { "reference_url": "https://herolab.usd.de/security-advisories/usd-2021-0033", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://herolab.usd.de/security-advisories/usd-2021-0033" }, { "reference_url": "https://herolab.usd.de/security-advisories/usd-2021-0033/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://herolab.usd.de/security-advisories/usd-2021-0033/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", "reference_id": "2073157", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "reference_url": "https://github.com/advisories/GHSA-m4fv-gm5m-4725", "reference_id": "GHSA-m4fv-gm5m-4725", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4fv-gm5m-4725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "RHSA-2023:1043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "RHSA-2023:1044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "RHSA-2023:1045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "RHSA-2023:1047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "RHSA-2023:1049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/393154?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@20.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.5" } ], "aliases": [ "CVE-2022-1274", "GHSA-m4fv-gm5m-4725", "GMS-2023-528" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ejyg-88gf-sfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197257?format=api", "vulnerability_id": "VCID-fmep-x7k1-37aj", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35912", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36091", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36115", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14302" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849584", "reference_id": "1849584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849584" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14302", "reference_id": "CVE-2020-14302", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0967", "reference_id": "RHSA-2021:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0968", "reference_id": "RHSA-2021:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0969", "reference_id": "RHSA-2021:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0969" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0974", "reference_id": "RHSA-2021:0974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0974" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19761?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0" } ], "aliases": [ "CVE-2020-14302" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmep-x7k1-37aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207732?format=api", "vulnerability_id": "VCID-h6ky-xtx2-augv", "summary": "Cross-site Scripting in keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50841", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50989", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50973", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10776", "reference_id": "CVE-2020-10776", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10776" }, { "reference_url": "https://github.com/advisories/GHSA-484q-784p-8m5h", "reference_id": "GHSA-484q-784p-8m5h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-484q-784p-8m5h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4929", "reference_id": "RHSA-2020:4929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4930", "reference_id": "RHSA-2020:4930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4931", "reference_id": "RHSA-2020:4931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4932", "reference_id": "RHSA-2020:4932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4932" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19787?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-gxku-5esb-1qct" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0" } ], "aliases": [ "CVE-2020-10776", "GHSA-484q-784p-8m5h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6ky-xtx2-augv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207734?format=api", "vulnerability_id": "VCID-hvwy-pv1y-sqeg", "summary": "Improper Authentication for Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59035", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59158", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59147", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1718" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756", "reference_id": "1796756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718", "reference_id": "CVE-2020-1718", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718" }, { "reference_url": "https://github.com/advisories/GHSA-j229-2h63-rvh9", "reference_id": "GHSA-j229-2h63-rvh9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j229-2h63-rvh9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2106", "reference_id": "RHSA-2020:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2107", "reference_id": "RHSA-2020:2107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2108", "reference_id": "RHSA-2020:2108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2252", "reference_id": "RHSA-2020:2252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3196", "reference_id": "RHSA-2020:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3197", "reference_id": "RHSA-2020:3197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3197" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16374?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cxjv-a4yf-2bgs" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0" } ], "aliases": [ "CVE-2020-1718", "GHSA-j229-2h63-rvh9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvwy-pv1y-sqeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211253?format=api", "vulnerability_id": "VCID-kdwj-wspq-1ket", "summary": "Keycloak has Files or Directories Accessible to External Parties", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58963", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58952", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.5884", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3856" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/8588", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/8588" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-19422", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-19422" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3856", "reference_id": "CVE-2021-3856", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3856" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3856", "reference_id": "CVE-2021-3856", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3856" }, { "reference_url": "https://github.com/advisories/GHSA-3w4v-rvc4-2xpw", "reference_id": "GHSA-3w4v-rvc4-2xpw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3w4v-rvc4-2xpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25892?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@15.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@15.1.0" } ], "aliases": [ "CVE-2021-3856", "GHSA-3w4v-rvc4-2xpw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kdwj-wspq-1ket" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210028?format=api", "vulnerability_id": "VCID-ktfu-j9gz-p7d1", "summary": "Keycloak vulnerable to cross-site scripting via the state parameter", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3592", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3593", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3595", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3595" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44931", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44765", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44916", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14655" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396", "reference_id": "1625396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655", "reference_id": "CVE-2018-14655", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655" }, { "reference_url": "https://github.com/advisories/GHSA-458h-wv48-fq75", "reference_id": "GHSA-458h-wv48-fq75", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-458h-wv48-fq75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/435016?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@4.4.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-27n8-twqe-c7hg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-6kkn-nm8v-u3a4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7tca-nfme-37ek" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cxjv-a4yf-2bgs" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-qwr8-j8k6-fqew" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-t4zx-ktg9-zue4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-x6m8-gkbc-4kec" }, { "vulnerability": "VCID-x77r-6nax-tqg6" }, { "vulnerability": "VCID-xf39-m1jv-zbfj" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.4.0.Final" } ], "aliases": [ "CVE-2018-14655", "GHSA-458h-wv48-fq75" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktfu-j9gz-p7d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197253?format=api", "vulnerability_id": "VCID-kyss-1ab7-77ef", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4215", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42337", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42315", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7976", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7976" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3513", "reference_id": "CVE-2021-3513", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3513" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3513", "reference_id": "CVE-2021-3513", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3513" }, { "reference_url": "https://github.com/advisories/GHSA-xv7h-95r7-595j", "reference_id": "GHSA-xv7h-95r7-595j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv7h-95r7-595j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19761?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0" } ], "aliases": [ "CVE-2021-3513", "GHSA-xv7h-95r7-595j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kyss-1ab7-77ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46349?format=api", "vulnerability_id": "VCID-m7ec-ad95-87aa", "summary": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7260.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7260.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.519", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51758", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51888", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7260" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7260", "reference_id": "CVE-2024-7260", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7260", "reference_id": "CVE-2024-7260", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7260" }, { "reference_url": "https://github.com/advisories/GHSA-g4gc-rh26-m3p5", "reference_id": "GHSA-g4gc-rh26-m3p5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g4gc-rh26-m3p5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6502", "reference_id": "RHSA-2024:6502", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6503", "reference_id": "RHSA-2024:6503", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6503" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875", "reference_id": "show_bug.cgi?id=2301875", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33302?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@24.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33830?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@25.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-sg1r-gdub-fba1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.0" } ], "aliases": [ "CVE-2024-7260", "GHSA-g4gc-rh26-m3p5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7ec-ad95-87aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324618?format=api", "vulnerability_id": "VCID-mb69-adq5-aqdy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16153", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16296", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16308", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1698" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/6751", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/6751" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1698", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1698" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790292", "reference_id": "1790292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790292" }, { "reference_url": "https://github.com/advisories/GHSA-qgmm-f2qw-r95f", "reference_id": "GHSA-qgmm-f2qw-r95f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qgmm-f2qw-r95f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2252", "reference_id": "RHSA-2020:2252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5625", "reference_id": "RHSA-2020:5625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5625" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16375?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.0" } ], "aliases": [ "CVE-2020-1698", "GHSA-qgmm-f2qw-r95f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mb69-adq5-aqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209000?format=api", "vulnerability_id": "VCID-q1jj-f5rg-57b1", "summary": "Improper authorization in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.364", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36605", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.3658", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1466" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050228", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050228" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt" }, { "reference_url": "https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1466", "reference_id": "CVE-2022-1466", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1466" }, { "reference_url": "https://github.com/advisories/GHSA-f32v-vf79-p29q", "reference_id": "GHSA-f32v-vf79-p29q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f32v-vf79-p29q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0449", "reference_id": "RHSA-2022:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0449" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20308?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@17.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@17.0.1" } ], "aliases": [ "CVE-2022-1466", "GHSA-f32v-vf79-p29q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1jj-f5rg-57b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197282?format=api", "vulnerability_id": "VCID-qbxs-9gb1-dbe3", "summary": "cross-site scripting", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20195.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20195.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54253", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54127", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54271", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20195" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/717d9515fa131e3d8c8936e41b2e52270fdec976", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/717d9515fa131e3d8c8936e41b2e52270fdec976" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20195", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20195" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919143", "reference_id": "1919143", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919143" }, { "reference_url": "https://security.archlinux.org/ASA-202102-29", "reference_id": "ASA-202102-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-29" }, { "reference_url": "https://security.archlinux.org/AVG-1578", "reference_id": "AVG-1578", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1578" }, { "reference_url": "https://github.com/advisories/GHSA-q6w2-89hq-hq27", "reference_id": "GHSA-q6w2-89hq-hq27", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q6w2-89hq-hq27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/478136?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@12.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/19761?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0" } ], "aliases": [ "CVE-2021-20195", "GHSA-q6w2-89hq-hq27" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbxs-9gb1-dbe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203835?format=api", "vulnerability_id": "VCID-qwr8-j8k6-fqew", "summary": "Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1515", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15283", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15277", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3875" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875" }, { "reference_url": "http://www.securityfocus.com/bid/108748", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/108748" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690628", "reference_id": "1690628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690628" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3875", "reference_id": "CVE-2019-3875", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3875" }, { "reference_url": "https://github.com/advisories/GHSA-38cg-gg9j-q9j9", "reference_id": "GHSA-38cg-gg9j-q9j9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38cg-gg9j-q9j9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1456", "reference_id": "RHSA-2019:1456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2366", "reference_id": "RHSA-2020:2366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15616?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-27n8-twqe-c7hg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-6kkn-nm8v-u3a4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cxjv-a4yf-2bgs" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-t4zx-ktg9-zue4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0" } ], "aliases": [ "CVE-2019-3875", "GHSA-38cg-gg9j-q9j9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwr8-j8k6-fqew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/322580?format=api", "vulnerability_id": "VCID-sbyx-da8j-mqfx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2020-14389", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2020-14389" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35293", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35269", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35091", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14389" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14389", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14389" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875843", "reference_id": "1875843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875843" }, { "reference_url": "https://github.com/advisories/GHSA-c9x9-xv66-xp3v", "reference_id": "GHSA-c9x9-xv66-xp3v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c9x9-xv66-xp3v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4929", "reference_id": "RHSA-2020:4929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4930", "reference_id": "RHSA-2020:4930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4931", "reference_id": "RHSA-2020:4931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4932", "reference_id": "RHSA-2020:4932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4932" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19787?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-gxku-5esb-1qct" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0" } ], "aliases": [ "CVE-2020-14389", "GHSA-c9x9-xv66-xp3v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbyx-da8j-mqfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45544?format=api", "vulnerability_id": "VCID-sg1r-gdub-fba1", "summary": "A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.\r\nA one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7318.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7318.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00938", "scoring_system": "epss", "scoring_elements": "0.76734", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00938", "scoring_system": "epss", "scoring_elements": "0.76651", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00938", "scoring_system": "epss", "scoring_elements": "0.7672", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7318" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7318", "reference_id": "CVE-2024-7318", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7318" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7318", "reference_id": "CVE-2024-7318", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7318" }, { "reference_url": "https://github.com/advisories/GHSA-xmmm-jw76-q7vg", "reference_id": "GHSA-xmmm-jw76-q7vg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmmm-jw76-q7vg" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-xmmm-jw76-q7vg", "reference_id": "GHSA-xmmm-jw76-q7vg", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-xmmm-jw76-q7vg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6502", "reference_id": "RHSA-2024:6502", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6503", "reference_id": "RHSA-2024:6503", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6503" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301876", "reference_id": "show_bug.cgi?id=2301876", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33302?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@24.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33831?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@25.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.4" } ], "aliases": [ "CVE-2024-7318", "GHSA-xmmm-jw76-q7vg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sg1r-gdub-fba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/311713?format=api", "vulnerability_id": "VCID-t4zx-ktg9-zue4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14837.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77491", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.7756", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77574", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f" }, { "reference_url": "https://issues.jboss.org/browse/KEYCLOAK-10780", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/KEYCLOAK-10780" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14837", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14837" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730227", "reference_id": "1730227", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730227" }, { "reference_url": "https://github.com/advisories/GHSA-cf8f-w2c5-p5jr", "reference_id": "GHSA-cf8f-w2c5-p5jr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cf8f-w2c5-p5jr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4040", "reference_id": "RHSA-2019:4040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4041", "reference_id": "RHSA-2019:4041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4042", "reference_id": "RHSA-2019:4042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4045", "reference_id": "RHSA-2019:4045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4045" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16374?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cxjv-a4yf-2bgs" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0" } ], "aliases": [ "CVE-2019-14837", "GHSA-cf8f-w2c5-p5jr" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4zx-ktg9-zue4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197024?format=api", "vulnerability_id": "VCID-u9df-phf1-83gr", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66537", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66643", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66629", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/8203", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/8203" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-18500", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-18500" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3632", "reference_id": "CVE-2021-3632", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3632" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3632", "reference_id": "CVE-2021-3632", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3632" }, { "reference_url": "https://github.com/advisories/GHSA-qpq9-jpv4-6gwr", "reference_id": "GHSA-qpq9-jpv4-6gwr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qpq9-jpv4-6gwr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25892?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@15.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@15.1.0" } ], "aliases": [ "CVE-2021-3632", "GHSA-qpq9-jpv4-6gwr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9df-phf1-83gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/358330?format=api", "vulnerability_id": "VCID-utd3-fu1x-augq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6134", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6134" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02468", "scoring_system": "epss", "scoring_elements": "0.8565", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02468", "scoring_system": "epss", "scoring_elements": "0.85641", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02468", "scoring_system": "epss", "scoring_elements": "0.85589", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6134" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673", "reference_id": "2249673", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "reference_url": "https://github.com/advisories/GHSA-cvg2-7c3j-g36j", "reference_id": "GHSA-cvg2-7c3j-g36j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cvg2-7c3j-g36j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7854", "reference_id": "RHSA-2023:7854", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7855", "reference_id": "RHSA-2023:7855", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7856", "reference_id": "RHSA-2023:7856", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7857", "reference_id": "RHSA-2023:7857", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7858", "reference_id": "RHSA-2023:7858", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7860", "reference_id": "RHSA-2023:7860", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7861", "reference_id": "RHSA-2023:7861", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0798", "reference_id": "RHSA-2024:0798", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0799", "reference_id": "RHSA-2024:0799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0800", "reference_id": "RHSA-2024:0800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0801", "reference_id": "RHSA-2024:0801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0804", "reference_id": "RHSA-2024:0804", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0804" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394894?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@23.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0" } ], "aliases": [ "CVE-2023-6134", "GHSA-cvg2-7c3j-g36j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utd3-fu1x-augq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324635?format=api", "vulnerability_id": "VCID-w5wa-m47v-7fhy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2020-1744", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2020-1744" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41172", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41151", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40984", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1744", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805792", "reference_id": "1805792", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805792" }, { "reference_url": "https://github.com/advisories/GHSA-4gf2-xv97-63m2", "reference_id": "GHSA-4gf2-xv97-63m2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4gf2-xv97-63m2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0945", "reference_id": "RHSA-2020:0945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0946", "reference_id": "RHSA-2020:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0947", "reference_id": "RHSA-2020:0947", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0951", "reference_id": "RHSA-2020:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2252", "reference_id": "RHSA-2020:2252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382489?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-h3bz-fuss-bydx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/385382?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@9.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.2" } ], "aliases": [ "CVE-2020-1744", "GHSA-4gf2-xv97-63m2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5wa-m47v-7fhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/142637?format=api", "vulnerability_id": "VCID-wfeg-6241-cucs", "summary": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39694", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39499", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3967", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6291" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1", "reference_id": "cpe:/a:redhat:serverless:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6291", "reference_id": "CVE-2023-6291", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6291" }, { "reference_url": "https://github.com/advisories/GHSA-mpwq-j3xf-7m5w", "reference_id": "GHSA-mpwq-j3xf-7m5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mpwq-j3xf-7m5w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7854", "reference_id": "RHSA-2023:7854", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7855", "reference_id": "RHSA-2023:7855", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7856", "reference_id": "RHSA-2023:7856", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7857", "reference_id": "RHSA-2023:7857", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7858", "reference_id": "RHSA-2023:7858", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7860", "reference_id": "RHSA-2023:7860", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7861", "reference_id": "RHSA-2023:7861", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0798", "reference_id": "RHSA-2024:0798", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0799", "reference_id": "RHSA-2024:0799", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0800", "reference_id": "RHSA-2024:0800", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0801", "reference_id": "RHSA-2024:0801", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0804", "reference_id": "RHSA-2024:0804", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407", "reference_id": "show_bug.cgi?id=2251407", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394894?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@23.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0" } ], "aliases": [ "CVE-2023-6291", "GHSA-mpwq-j3xf-7m5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfeg-6241-cucs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204089?format=api", "vulnerability_id": "VCID-x6m8-gkbc-4kec", "summary": "Improper Verification of Cryptographic Signature in keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10201", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33261", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33464", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33443", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728609", "reference_id": "1728609", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728609" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10201", "reference_id": "CVE-2019-10201", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10201" }, { "reference_url": "https://github.com/advisories/GHSA-4fgq-gq9g-3rw7", "reference_id": "GHSA-4fgq-gq9g-3rw7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4fgq-gq9g-3rw7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2483", "reference_id": "RHSA-2019:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2366", "reference_id": "RHSA-2020:2366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15616?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-27n8-twqe-c7hg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-6kkn-nm8v-u3a4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cxjv-a4yf-2bgs" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-t4zx-ktg9-zue4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0" } ], "aliases": [ "CVE-2019-10201", "GHSA-4fgq-gq9g-3rw7" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6m8-gkbc-4kec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203576?format=api", "vulnerability_id": "VCID-x77r-6nax-tqg6", "summary": "Exposure of Sensitive Information to an Unauthorized Actor in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1140", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2998", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2998" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51369", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51225", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51356", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3868" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868" }, { "reference_url": "http://www.securityfocus.com/bid/108061", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/108061" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679144", "reference_id": "1679144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679144" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3868", "reference_id": "CVE-2019-3868", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3868" }, { "reference_url": "https://github.com/advisories/GHSA-gc52-xj6p-9pxp", "reference_id": "GHSA-gc52-xj6p-9pxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc52-xj6p-9pxp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0856", "reference_id": "RHSA-2019:0856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0857", "reference_id": "RHSA-2019:0857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0868", "reference_id": "RHSA-2019:0868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2366", "reference_id": "RHSA-2020:2366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15225?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-27n8-twqe-c7hg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-6kkn-nm8v-u3a4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cxjv-a4yf-2bgs" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-qwr8-j8k6-fqew" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-t4zx-ktg9-zue4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-x6m8-gkbc-4kec" }, { "vulnerability": "VCID-xf39-m1jv-zbfj" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@6.0.0" } ], "aliases": [ "CVE-2019-3868", "GHSA-gc52-xj6p-9pxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x77r-6nax-tqg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204090?format=api", "vulnerability_id": "VCID-xf39-m1jv-zbfj", "summary": "Improper Input Validation and Cross-Site Request Forgery in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26365", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26583", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26567", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10199" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1729261", "reference_id": "1729261", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1729261" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10199", "reference_id": "CVE-2019-10199", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10199" }, { "reference_url": "https://github.com/advisories/GHSA-p5xp-6vpf-jwvh", "reference_id": "GHSA-p5xp-6vpf-jwvh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p5xp-6vpf-jwvh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2483", "reference_id": "RHSA-2019:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2366", "reference_id": "RHSA-2020:2366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15616?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-1twj-46mj-vbeg" }, { "vulnerability": "VCID-27n8-twqe-c7hg" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-551s-5jc8-x7g4" }, { "vulnerability": "VCID-6kkn-nm8v-u3a4" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cxjv-a4yf-2bgs" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-mb69-adq5-aqdy" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-t4zx-ktg9-zue4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0" } ], "aliases": [ "CVE-2019-10199", "GHSA-p5xp-6vpf-jwvh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xf39-m1jv-zbfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211657?format=api", "vulnerability_id": "VCID-yb4r-xbbq-47en", "summary": "keycloak-core: open redirect via \"form_post.jwt\" JARM response mode", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0097", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0098", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0100", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0101", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0101" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.75207", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.75123", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.75194", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255027" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6927", "reference_id": "CVE-2023-6927", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6927" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927", "reference_id": "CVE-2023-6927", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6927" }, { "reference_url": "https://github.com/advisories/GHSA-9vm7-v8wj-3fqw", "reference_id": "GHSA-9vm7-v8wj-3fqw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9vm7-v8wj-3fqw" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw", "reference_id": "GHSA-9vm7-v8wj-3fqw", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0094", "reference_id": "RHSA-2024:0094", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0094" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0095", "reference_id": "RHSA-2024:0095", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0096", "reference_id": "RHSA-2024:0096", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0798", "reference_id": "RHSA-2024:0798", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0799", "reference_id": "RHSA-2024:0799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0800", "reference_id": "RHSA-2024:0800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0801", "reference_id": "RHSA-2024:0801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0804", "reference_id": "RHSA-2024:0804", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0804" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28536?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@23.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-z5qm-jh27-skdr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.4" } ], "aliases": [ "CVE-2023-6927", "GHSA-9vm7-v8wj-3fqw", "GMS-2024-51" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yb4r-xbbq-47en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/142651?format=api", "vulnerability_id": "VCID-z5qm-jh27-skdr", "summary": "A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70447", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70343", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70433", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6841" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/32837", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/32837" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/24.0.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/24.0.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:mobile_application_platform:4", "reference_id": "cpe:/a:redhat:mobile_application_platform:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:mobile_application_platform:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_id": "cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6841", "reference_id": "CVE-2023-6841", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6841" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6841", "reference_id": "CVE-2023-6841", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6841" }, { "reference_url": "https://github.com/advisories/GHSA-w97f-w3hq-36g2", "reference_id": "GHSA-w97f-w3hq-36g2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w97f-w3hq-36g2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254714", "reference_id": "show_bug.cgi?id=2254714", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254714" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29444?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@24.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-sg1r-gdub-fba1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.0" } ], "aliases": [ "CVE-2023-6841", "GHSA-w97f-w3hq-36g2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z5qm-jh27-skdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/152938?format=api", "vulnerability_id": "VCID-z5yv-y145-abeh", "summary": "A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25208", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2499", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2519", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35509" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912427", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912427" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/6330", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/6330" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/8067", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/8067" }, { "reference_url": "https://security.archlinux.org/ASA-202106-53", "reference_id": "ASA-202106-53", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-53" }, { "reference_url": "https://security.archlinux.org/AVG-2084", "reference_id": "AVG-2084", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2084" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2020-35509", "reference_id": "cve-2020-35509", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-30T19:38:02Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2020-35509" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35509", "reference_id": "CVE-2020-35509", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35509" }, { "reference_url": "https://github.com/advisories/GHSA-rpj2-w6fr-79hc", "reference_id": "GHSA-rpj2-w6fr-79hc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rpj2-w6fr-79hc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25844?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@14.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@14.0.0" } ], "aliases": [ "CVE-2020-35509", "GHSA-rpj2-w6fr-79hc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z5yv-y145-abeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197256?format=api", "vulnerability_id": "VCID-z8cr-qt2v-rkgn", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.85144", "scoring_system": "epss", "scoring_elements": "0.99377", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.85144", "scoring_system": "epss", "scoring_elements": "0.99376", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.85144", "scoring_system": "epss", "scoring_elements": "0.99374", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906797", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906797" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7790", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7790" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27838", "reference_id": "CVE-2020-27838", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27838" }, { "reference_url": "https://github.com/advisories/GHSA-pcv5-m2wh-66j3", "reference_id": "GHSA-pcv5-m2wh-66j3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcv5-m2wh-66j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19761?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0" } ], "aliases": [ "CVE-2020-27838", "GHSA-pcv5-m2wh-66j3" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8cr-qt2v-rkgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148446?format=api", "vulnerability_id": "VCID-zha3-5yra-sfae", "summary": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0091", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.53021", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52877", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.53006", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0091" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585", "reference_id": "2158585", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-0091", "reference_id": "CVE-2023-0091", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:08:50Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "reference_url": "https://github.com/advisories/GHSA-v436-q368-hvgg", "reference_id": "GHSA-v436-q368-hvgg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v436-q368-hvgg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "RHSA-2023:1043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "RHSA-2023:1044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "RHSA-2023:1045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "RHSA-2023:1047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "RHSA-2023:1049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379985?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@20.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.3" } ], "aliases": [ "CVE-2023-0091", "GHSA-v436-q368-hvgg", "GMS-2023-37" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zha3-5yra-sfae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207726?format=api", "vulnerability_id": "VCID-ztxp-j5gt-4qdb", "summary": "Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49187", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4905", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49205", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1758" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-13285", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-13285" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514", "reference_id": "1812514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758", "reference_id": "CVE-2020-1758", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758" }, { "reference_url": "https://github.com/advisories/GHSA-c597-f74m-jgc2", "reference_id": "GHSA-c597-f74m-jgc2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c597-f74m-jgc2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2106", "reference_id": "RHSA-2020:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2107", "reference_id": "RHSA-2020:2107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2108", "reference_id": "RHSA-2020:2108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392326?format=api", "purl": "pkg:maven/org.keycloak/keycloak-core@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ewb-gxkb-j3cn" }, { "vulnerability": "VCID-3jtq-par5-tuax" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-7q52-ujxg-pyg4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-b99p-3rqx-v7b4" }, { "vulnerability": "VCID-bvmd-z1hf-5yef" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-czc3-kxs3-yfdt" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-m7ec-ad95-87aa" }, { "vulnerability": "VCID-q1jj-f5rg-57b1" }, { "vulnerability": "VCID-qbxs-9gb1-dbe3" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-sg1r-gdub-fba1" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-yb4r-xbbq-47en" }, { "vulnerability": "VCID-z5qm-jh27-skdr" }, { "vulnerability": "VCID-z5yv-y145-abeh" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zha3-5yra-sfae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@10.0.0" } ], "aliases": [ "CVE-2020-1758", "GHSA-c597-f74m-jgc2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztxp-j5gt-4qdb" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.2.0.Final" }