Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/456167?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/456167?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@2.4.0.Final", "type": "maven", "namespace": "org.keycloak", "name": "keycloak-services", "version": "2.4.0.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "26.6.3", "latest_non_vulnerable_version": "26.6.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92535?format=api", "vulnerability_id": "VCID-1j4m-w46h-zkhq", "summary": "A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28843", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28619", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28819", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8419" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0", "reference_id": "cpe:/a:redhat:build_keycloak:26.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2", "reference_id": "cpe:/a:redhat:build_keycloak:26.2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-8419", "reference_id": "CVE-2025-8419", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-8419" }, { "reference_url": "https://github.com/advisories/GHSA-m4j5-5x4r-2xp9", "reference_id": "GHSA-m4j5-5x4r-2xp9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4j5-5x4r-2xp9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15336", "reference_id": "RHSA-2025:15336", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15337", "reference_id": "RHSA-2025:15337", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15338", "reference_id": "RHSA-2025:15338", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15339", "reference_id": "RHSA-2025:15339", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15339" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776", "reference_id": "show_bug.cgi?id=2385776", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376807?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/376808?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3" } ], "aliases": [ "CVE-2025-8419", "GHSA-m4j5-5x4r-2xp9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1j4m-w46h-zkhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148275?format=api", "vulnerability_id": "VCID-1mxe-pmc8-63aw", "summary": "A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0657.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17431", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17252", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17417", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0657" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-0657", "reference_id": "CVE-2023-0657", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-0657" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0657", "reference_id": "CVE-2023-0657", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0657" }, { "reference_url": "https://github.com/advisories/GHSA-7fpj-9hr8-28vh", "reference_id": "GHSA-7fpj-9hr8-28vh", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fpj-9hr8-28vh" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh", "reference_id": "GHSA-7fpj-9hr8-28vh", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "RHSA-2024:1867", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "RHSA-2024:1868", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728", "reference_id": "show_bug.cgi?id=2166728", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30416?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/30414?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2023-0657", "GHSA-7fpj-9hr8-28vh" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mxe-pmc8-63aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/355843?format=api", "vulnerability_id": "VCID-1z6p-w7um-2kbf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2585", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-2585" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29612", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29595", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29393", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2585" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2585", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2585" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196335", "reference_id": "2196335", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196335" }, { "reference_url": "https://github.com/advisories/GHSA-f5h4-wmp5-xhg6", "reference_id": "GHSA-f5h4-wmp5-xhg6", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f5h4-wmp5-xhg6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3883", "reference_id": "RHSA-2023:3883", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3884", "reference_id": "RHSA-2023:3884", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3885", "reference_id": "RHSA-2023:3885", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3888", "reference_id": "RHSA-2023:3888", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3892", "reference_id": "RHSA-2023:3892", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3892" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381744?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@21.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2" } ], "aliases": [ "CVE-2023-2585", "GHSA-f5h4-wmp5-xhg6" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1z6p-w7um-2kbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46039?format=api", "vulnerability_id": "VCID-32db-rsf2-h7hm", "summary": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02246", "scoring_system": "epss", "scoring_elements": "0.84995", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02246", "scoring_system": "epss", "scoring_elements": "0.84933", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02246", "scoring_system": "epss", "scoring_elements": "0.84986", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7341" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7341", "reference_id": "CVE-2024-7341", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7341" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7341", "reference_id": "CVE-2024-7341", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7341" }, { "reference_url": "https://github.com/advisories/GHSA-5rxp-2rhr-qwqv", "reference_id": "GHSA-5rxp-2rhr-qwqv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5rxp-2rhr-qwqv" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv", "reference_id": "GHSA-5rxp-2rhr-qwqv", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv" }, { "reference_url": "https://github.com/advisories/GHSA-j76j-rqwj-jmvv", "reference_id": "GHSA-j76j-rqwj-jmvv", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://github.com/advisories/GHSA-j76j-rqwj-jmvv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6493", "reference_id": "RHSA-2024:6493", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6494", "reference_id": "RHSA-2024:6494", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6495", "reference_id": "RHSA-2024:6495", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6497", "reference_id": "RHSA-2024:6497", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6499", "reference_id": "RHSA-2024:6499", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6500", "reference_id": "RHSA-2024:6500", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6501", "reference_id": "RHSA-2024:6501", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6502", "reference_id": "RHSA-2024:6502", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6503", "reference_id": "RHSA-2024:6503", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6503" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064", "reference_id": "show_bug.cgi?id=2302064", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33301?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38vg-nb6g-3kg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/33303?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38vg-nb6g-3kg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33300?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.5" } ], "aliases": [ "CVE-2024-7341", "GHSA-5rxp-2rhr-qwqv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32db-rsf2-h7hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34666?format=api", "vulnerability_id": "VCID-38vg-nb6g-3kg8", "summary": "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06592", "scoring_system": "epss", "scoring_elements": "0.91414", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.06592", "scoring_system": "epss", "scoring_elements": "0.91375", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.06592", "scoring_system": "epss", "scoring_elements": "0.91407", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8883" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8883", "reference_id": "CVE-2024-8883", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8883" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883", "reference_id": "CVE-2024-8883", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883" }, { "reference_url": "https://github.com/advisories/GHSA-w8gr-xwp4-r9f7", "reference_id": "GHSA-w8gr-xwp4-r9f7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w8gr-xwp4-r9f7" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7", "reference_id": "GHSA-w8gr-xwp4-r9f7", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7" }, { "reference_url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java", "reference_id": "RedirectUtils.java", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10385", "reference_id": "RHSA-2024:10385", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10386", "reference_id": "RHSA-2024:10386", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6878", "reference_id": "RHSA-2024:6878", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6879", "reference_id": "RHSA-2024:6879", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6880", "reference_id": "RHSA-2024:6880", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6882", "reference_id": "RHSA-2024:6882", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6886", "reference_id": "RHSA-2024:6886", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6887", "reference_id": "RHSA-2024:6887", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6888", "reference_id": "RHSA-2024:6888", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6889", "reference_id": "RHSA-2024:6889", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6890", "reference_id": "RHSA-2024:6890", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8823", "reference_id": "RHSA-2024:8823", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8824", "reference_id": "RHSA-2024:8824", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8826", "reference_id": "RHSA-2024:8826", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8826" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511", "reference_id": "show_bug.cgi?id=2312511", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33827?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/33826?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/33519?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6" } ], "aliases": [ "CVE-2024-8883", "GHSA-w8gr-xwp4-r9f7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38vg-nb6g-3kg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360512?format=api", "vulnerability_id": "VCID-39yc-g31q-u7gt", "summary": "Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3910", "reference_id": "CVE-2025-3910", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3910" }, { "reference_url": "https://github.com/advisories/GHSA-fx44-2wx5-5fvp", "reference_id": "GHSA-fx44-2wx5-5fvp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fx44-2wx5-5fvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376299?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-sa2j-p1w2-ebgj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "GHSA-fx44-2wx5-5fvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39yc-g31q-u7gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197255?format=api", "vulnerability_id": "VCID-3mcs-n479-zydu", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14627", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14626", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14509", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922128", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922128" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-17000", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-17000" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20202", "reference_id": "CVE-2021-20202", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20202" }, { "reference_url": "https://github.com/advisories/GHSA-6xp6-fmc8-pmmr", "reference_id": "GHSA-6xp6-fmc8-pmmr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xp6-fmc8-pmmr" }, { "reference_url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j", "reference_id": "GHSA-7gf3-89f6-823j", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/478132?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2021-20202", "GHSA-6xp6-fmc8-pmmr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mcs-n479-zydu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/126716?format=api", "vulnerability_id": "VCID-42w4-65kp-f7dy", "summary": "A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11963", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11875", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11961", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2559" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2559", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2559" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/38576", "reference_id": "38576", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/38576" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca", "reference_id": "a10c8119d4452b866b90a9019b2cc159919276ca", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-2559", "reference_id": "CVE-2025-2559", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-2559" }, { "reference_url": "https://github.com/advisories/GHSA-2935-2wfm-hhpv", "reference_id": "GHSA-2935-2wfm-hhpv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2935-2wfm-hhpv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "RHSA-2025:4335", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "RHSA-2025:4336", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353868", "reference_id": "show_bug.cgi?id=2353868", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353868" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/790729?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.5" } ], "aliases": [ "CVE-2025-2559", "GHSA-2935-2wfm-hhpv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42w4-65kp-f7dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324630?format=api", "vulnerability_id": "VCID-49ev-wsaa-4bbn", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33283", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33465", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33485", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1724" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1724" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527", "reference_id": "1800527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800527" }, { "reference_url": "https://github.com/advisories/GHSA-8xj2-47xw-q78c", "reference_id": "GHSA-8xj2-47xw-q78c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xj2-47xw-q78c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2106", "reference_id": "RHSA-2020:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2107", "reference_id": "RHSA-2020:2107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2108", "reference_id": "RHSA-2020:2108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2252", "reference_id": "RHSA-2020:2252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/456213?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@9.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2" } ], "aliases": [ "CVE-2020-1724", "GHSA-8xj2-47xw-q78c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-49ev-wsaa-4bbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84992?format=api", "vulnerability_id": "VCID-4b67-9tus-s7ds", "summary": "A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10077", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10021", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.1007", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2733" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46462", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46462" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2733", "reference_id": "CVE-2026-2733", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2733" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733", "reference_id": "CVE-2026-2733", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733" }, { "reference_url": "https://github.com/advisories/GHSA-fjf4-6f34-w64q", "reference_id": "GHSA-fjf4-6f34-w64q", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fjf4-6f34-w64q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "RHSA-2026:3947", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "RHSA-2026:3948", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440895", "reference_id": "show_bug.cgi?id=2440895", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440895" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374710?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4" } ], "aliases": [ "CVE-2026-2733", "GHSA-fjf4-6f34-w64q" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4b67-9tus-s7ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212178?format=api", "vulnerability_id": "VCID-4taw-3r2y-eud6", "summary": "Keycloak's improper input validation allows using email as username", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3754.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12319", "scoring_system": "epss", "scoring_elements": "0.94057", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.12319", "scoring_system": "epss", "scoring_elements": "0.94032", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.12319", "scoring_system": "epss", "scoring_elements": "0.94052", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3754" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999196", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999196" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3754", "reference_id": "CVE-2021-3754", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3754" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3754", "reference_id": "CVE-2021-3754", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3754" }, { "reference_url": "https://github.com/advisories/GHSA-4vc8-pg5c-vg4x", "reference_id": "GHSA-4vc8-pg5c-vg4x", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vc8-pg5c-vg4x" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4vc8-pg5c-vg4x", "reference_id": "GHSA-4vc8-pg5c-vg4x", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4vc8-pg5c-vg4x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32186?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.1" } ], "aliases": [ "CVE-2021-3754", "GHSA-4vc8-pg5c-vg4x" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4taw-3r2y-eud6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85713?format=api", "vulnerability_id": "VCID-4uf3-t2q9-5fcp", "summary": "A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01912", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01907", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0191", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3121" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46719", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3121", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3121" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3121", "reference_id": "CVE-2026-3121", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3121" }, { "reference_url": "https://github.com/advisories/GHSA-7xf9-4jfc-wgm4", "reference_id": "GHSA-7xf9-4jfc-wgm4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7xf9-4jfc-wgm4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442277", "reference_id": "show_bug.cgi?id=2442277", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442277" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40702?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-mdys-vw33-uqa1" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6" } ], "aliases": [ "CVE-2026-3121", "GHSA-7xf9-4jfc-wgm4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4uf3-t2q9-5fcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85484?format=api", "vulnerability_id": "VCID-4y2p-6e9v-ufh7", "summary": "A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11496", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11426", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11502", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3009" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46911", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46911" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.5.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.5.5" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3009", "reference_id": "CVE-2026-3009", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009", "reference_id": "CVE-2026-3009", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009" }, { "reference_url": "https://github.com/advisories/GHSA-m297-3jv9-m927", "reference_id": "GHSA-m297-3jv9-m927", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m297-3jv9-m927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "RHSA-2026:3947", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "RHSA-2026:3948", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867", "reference_id": "show_bug.cgi?id=2441867", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40285?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5" } ], "aliases": [ "CVE-2026-3009", "GHSA-m297-3jv9-m927" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4y2p-6e9v-ufh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71976?format=api", "vulnerability_id": "VCID-5cfv-kzxe-3qg4", "summary": "A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed into an inline JavaScript `onclick` handler, allowing a crafted JavaScript payload to execute in a user's browser when they view the login page. Successful exploitation enables arbitrary JavaScript execution, potentially leading to session theft, unauthorized account actions, or further attacks against users of the affected realm.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-37980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15841", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1569", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15829", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-37980" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/48049", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/48049" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37980", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37980" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-37980", "reference_id": "CVE-2026-37980", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-37980" }, { "reference_url": "https://github.com/advisories/GHSA-m32f-8vh9-2hh3", "reference_id": "GHSA-m32f-8vh9-2hh3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m32f-8vh9-2hh3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455325", "reference_id": "show_bug.cgi?id=2455325", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455325" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40702?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-mdys-vw33-uqa1" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6" } ], "aliases": [ "CVE-2026-37980", "GHSA-m32f-8vh9-2hh3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cfv-kzxe-3qg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84772?format=api", "vulnerability_id": "VCID-5gut-s9z6-u3gs", "summary": "A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28337", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28116", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28312", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2092" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2092", "reference_id": "CVE-2026-2092", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2092" }, { "reference_url": "https://github.com/advisories/GHSA-wmxr-6j5f-838p", "reference_id": "GHSA-wmxr-6j5f-838p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wmxr-6j5f-838p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3925", "reference_id": "RHSA-2026:3925", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3926", "reference_id": "RHSA-2026:3926", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "RHSA-2026:3947", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "RHSA-2026:3948", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296", "reference_id": "show_bug.cgi?id=2437296", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374988?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/374989?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.4.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/40285?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5" } ], "aliases": [ "CVE-2026-2092", "GHSA-wmxr-6j5f-838p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5gut-s9z6-u3gs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96291?format=api", "vulnerability_id": "VCID-6fwf-utem-8bgx", "summary": "A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19472", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19282", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19452", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12110" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/43790", "reference_id": "43790", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://github.com/keycloak/keycloak/pull/43790" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-12110", "reference_id": "CVE-2025-12110", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-12110" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12110", "reference_id": "CVE-2025-12110", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12110" }, { "reference_url": "https://github.com/advisories/GHSA-895x-rfqp-jh5c", "reference_id": "GHSA-895x-rfqp-jh5c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-895x-rfqp-jh5c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21370", "reference_id": "RHSA-2025:21370", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21371", "reference_id": "RHSA-2025:21371", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22088", "reference_id": "RHSA-2025:22088", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22089", "reference_id": "RHSA-2025:22089", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22089" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406033", "reference_id": "show_bug.cgi?id=2406033", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406033" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34737?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-sa2j-p1w2-ebgj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3" } ], "aliases": [ "CVE-2025-12110", "GHSA-895x-rfqp-jh5c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fwf-utem-8bgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52572?format=api", "vulnerability_id": "VCID-6j4h-u22h-cubz", "summary": "A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3137", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31158", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31352", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10270" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4", "reference_id": "5d6c91f3309db468b0fe4834e88c3d25649f73e4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-10270", "reference_id": "CVE-2024-10270", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-10270" }, { "reference_url": "https://github.com/advisories/GHSA-wq8x-cg39-8mrr", "reference_id": "GHSA-wq8x-cg39-8mrr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://github.com/advisories/GHSA-wq8x-cg39-8mrr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10175", "reference_id": "RHSA-2024:10175", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10176", "reference_id": "RHSA-2024:10176", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10177", "reference_id": "RHSA-2024:10177", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10178", "reference_id": "RHSA-2024:10178", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321214", "reference_id": "show_bug.cgi?id=2321214", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321214" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372884?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372885?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6" } ], "aliases": [ "CVE-2024-10270", "GHSA-wq8x-cg39-8mrr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6j4h-u22h-cubz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96523?format=api", "vulnerability_id": "VCID-6t42-926q-3bhd", "summary": "A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04469", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04481", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04484", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12390" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80" }, { "reference_url": "https://github.com/keycloak/keycloak/discussions/31265", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/discussions/31265" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/32197", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/32197" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/43853", "reference_id": "43853", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/43853" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-12390", "reference_id": "CVE-2025-12390", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-12390" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12390", "reference_id": "CVE-2025-12390", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12390" }, { "reference_url": "https://github.com/advisories/GHSA-rg35-5v25-mqvp", "reference_id": "GHSA-rg35-5v25-mqvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg35-5v25-mqvp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21370", "reference_id": "RHSA-2025:21370", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21371", "reference_id": "RHSA-2025:21371", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22088", "reference_id": "RHSA-2025:22088", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22089", "reference_id": "RHSA-2025:22089", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22089" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406793", "reference_id": "show_bug.cgi?id=2406793", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34849?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0" } ], "aliases": [ "CVE-2025-12390", "GHSA-rg35-5v25-mqvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6t42-926q-3bhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/142600?format=api", "vulnerability_id": "VCID-6vfq-3vub-zbdc", "summary": "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6717.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6717.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6717", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.2785", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27624", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27825", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6717" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12", "reference_id": "cpe:/a:redhat:amq_broker:7.12", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_gitops:1", "reference_id": "cpe:/a:redhat:openshift_gitops:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_gitops:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8", "reference_id": "cpe:/a:redhat:openshift_serverless:1.33::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3", "reference_id": "cpe:/a:redhat:quarkus:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1", "reference_id": "cpe:/a:redhat:rhdh:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6717", "reference_id": "CVE-2023-6717", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6717" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717", "reference_id": "CVE-2023-6717", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6717" }, { "reference_url": "https://github.com/advisories/GHSA-8rmm-gm28-pj8q", "reference_id": "GHSA-8rmm-gm28-pj8q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8rmm-gm28-pj8q" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q", "reference_id": "GHSA-8rmm-gm28-pj8q", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1353", "reference_id": "RHSA-2024:1353", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "RHSA-2024:1867", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "RHSA-2024:1868", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2945", "reference_id": "RHSA-2024:2945", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4057", "reference_id": "RHSA-2024:4057", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952", "reference_id": "show_bug.cgi?id=2253952", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30416?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/30414?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2023-6717", "GHSA-8rmm-gm28-pj8q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vfq-3vub-zbdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/142411?format=api", "vulnerability_id": "VCID-76xj-44n8-gfa4", "summary": "A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6484.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6484.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69964", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69858", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00596", "scoring_system": "epss", "scoring_elements": "0.69949", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6484" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/25078", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/25078" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6484", "reference_id": "CVE-2023-6484", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6484" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484", "reference_id": "CVE-2023-6484", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6484" }, { "reference_url": "https://github.com/advisories/GHSA-j628-q885-8gr5", "reference_id": "GHSA-j628-q885-8gr5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j628-q885-8gr5" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5", "reference_id": "GHSA-j628-q885-8gr5", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0798", "reference_id": "RHSA-2024:0798", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0799", "reference_id": "RHSA-2024:0799", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0800", "reference_id": "RHSA-2024:0800", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0801", "reference_id": "RHSA-2024:0801", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0804", "reference_id": "RHSA-2024:0804", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1860", "reference_id": "RHSA-2024:1860", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1861", "reference_id": "RHSA-2024:1861", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1862", "reference_id": "RHSA-2024:1862", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1864", "reference_id": "RHSA-2024:1864", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1865", "reference_id": "RHSA-2024:1865", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866", "reference_id": "RHSA-2024:1866", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "RHSA-2024:1867", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "RHSA-2024:1868", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423", "reference_id": "show_bug.cgi?id=2248423", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248423" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30646?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/30645?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.5" } ], "aliases": [ "CVE-2023-6484", "GHSA-j628-q885-8gr5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76xj-44n8-gfa4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197689?format=api", "vulnerability_id": "VCID-7xus-anmm-9ba3", "summary": "cross-site request forgery", "references": [ { "reference_url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92282", "scoring_system": "epss", "scoring_elements": "0.99736", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.92282", "scoring_system": "epss", "scoring_elements": "0.99735", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.92282", "scoring_system": "epss", "scoring_elements": "0.99737", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10770" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2" }, { "reference_url": "https://github.com/keycloak/keycloak-documentation/pull/1086", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak-documentation/pull/1086" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7714", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7714" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-14019", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-14019" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-3426", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-3426" }, { "reference_url": "https://security.archlinux.org/AVG-1577", "reference_id": "AVG-1577", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1577" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py", "reference_id": "CVE-2020-10770", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770", "reference_id": "CVE-2020-10770", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10770" }, { "reference_url": "https://github.com/advisories/GHSA-jh7q-5mwf-qvhw", "reference_id": "GHSA-jh7q-5mwf-qvhw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh7q-5mwf-qvhw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0318", "reference_id": "RHSA-2021:0318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0319", "reference_id": "RHSA-2021:0319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0320", "reference_id": "RHSA-2021:0320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0327", "reference_id": "RHSA-2021:0327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0327" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/478105?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@12.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.2" } ], "aliases": [ "CVE-2020-10770", "GHSA-jh7q-5mwf-qvhw" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xus-anmm-9ba3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73425?format=api", "vulnerability_id": "VCID-82aq-wymj-ekby", "summary": "A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01904", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.019", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01902", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4874" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4874", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4874" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4874", "reference_id": "CVE-2026-4874", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4874" }, { "reference_url": "https://github.com/advisories/GHSA-22rm-wp4x-v5cx", "reference_id": "GHSA-22rm-wp4x-v5cx", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-22rm-wp4x-v5cx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25097", "reference_id": "RHSA-2026:25097", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:25097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25098", "reference_id": "RHSA-2026:25098", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:25098" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451611", "reference_id": "show_bug.cgi?id=2451611", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451611" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/975121?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a6bx-hkuu-zkg4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1" } ], "aliases": [ "CVE-2026-4874", "GHSA-22rm-wp4x-v5cx" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82aq-wymj-ekby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106694?format=api", "vulnerability_id": "VCID-85r1-z7c6-6bcb", "summary": "A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13786", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1367", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13787", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7365" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.0.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.0.13" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.2.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.2.6" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/40446", "reference_id": "40446", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/40446" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/40520", "reference_id": "40520", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://github.com/keycloak/keycloak/pull/40520" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7365", "reference_id": "CVE-2025-7365", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7365" }, { "reference_url": "https://github.com/advisories/GHSA-xhpr-465j-7p9q", "reference_id": "GHSA-xhpr-465j-7p9q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xhpr-465j-7p9q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11986", "reference_id": "RHSA-2025:11986", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11986" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11987", "reference_id": "RHSA-2025:11987", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12015", "reference_id": "RHSA-2025:12015", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12016", "reference_id": "RHSA-2025:12016", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852", "reference_id": "show_bug.cgi?id=2378852", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378331?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/790726?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/378332?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/34740?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8txb-4xw8-aydm" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ec5w-983u-tbbz" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-hdz7-3722-xfe6" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "CVE-2025-7365", "GHSA-xhpr-465j-7p9q" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-85r1-z7c6-6bcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360759?format=api", "vulnerability_id": "VCID-8baa-m4rc-aqh5", "summary": "Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.", "references": [ { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7365", "reference_id": "CVE-2025-7365", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7365" }, { "reference_url": "https://github.com/advisories/GHSA-gj52-35xm-gxjh", "reference_id": "GHSA-gj52-35xm-gxjh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gj52-35xm-gxjh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34740?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8txb-4xw8-aydm" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ec5w-983u-tbbz" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-hdz7-3722-xfe6" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "GHSA-gj52-35xm-gxjh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8baa-m4rc-aqh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72017?format=api", "vulnerability_id": "VCID-8fsf-kear-tyb2", "summary": "A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before the JWT signature is validated. When a specially crafted JWT with an attacker-controlled `azp` value is processed, this value is reflected as the CORS origin, even if the grant is later rejected. This can lead to the exposure of low-sensitivity information from authorization server error responses, weakening origin isolation, but only when a target client is misconfigured with `webOrigins: [\"*\"]`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-37977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01306", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01213", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01211", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-37977" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37977", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37977" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-37977", "reference_id": "CVE-2026-37977", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-37977" }, { "reference_url": "https://github.com/advisories/GHSA-5v8v-xvjv-57x7", "reference_id": "GHSA-5v8v-xvjv-57x7", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5v8v-xvjv-57x7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25097", "reference_id": "RHSA-2026:25097", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:25097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25098", "reference_id": "RHSA-2026:25098", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:25098" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455324", "reference_id": "show_bug.cgi?id=2455324", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455324" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374657?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0" } ], "aliases": [ "CVE-2026-37977", "GHSA-5v8v-xvjv-57x7" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fsf-kear-tyb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54106?format=api", "vulnerability_id": "VCID-8ga9-uqff-rfdw", "summary": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1132.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1132.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55962", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.56083", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.56097", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1132" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.10", "reference_id": "cpe:/a:redhat:amq_broker:7.10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.11", "reference_id": "cpe:/a:redhat:amq_broker:7.11", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.11" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12", "reference_id": "cpe:/a:redhat:amq_broker:7.12", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el8", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "reference_id": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3", "reference_id": "cpe:/a:redhat:quarkus:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1132", "reference_id": "CVE-2024-1132", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132", "reference_id": "CVE-2024-1132", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132" }, { "reference_url": "https://github.com/advisories/GHSA-72vp-xfrc-42xm", "reference_id": "GHSA-72vp-xfrc-42xm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-72vp-xfrc-42xm" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm", "reference_id": "GHSA-72vp-xfrc-42xm", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1860", "reference_id": "RHSA-2024:1860", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1861", "reference_id": "RHSA-2024:1861", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1862", "reference_id": "RHSA-2024:1862", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1864", "reference_id": "RHSA-2024:1864", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866", "reference_id": "RHSA-2024:1866", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "RHSA-2024:1867", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "RHSA-2024:1868", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2945", "reference_id": "RHSA-2024:2945", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3752", "reference_id": "RHSA-2024:3752", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3762", "reference_id": "RHSA-2024:3762", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3762" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3919", "reference_id": "RHSA-2024:3919", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3989", "reference_id": "RHSA-2024:3989", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117", "reference_id": "show_bug.cgi?id=2262117", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30416?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/30414?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2024-1132", "GHSA-72vp-xfrc-42xm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ga9-uqff-rfdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72575?format=api", "vulnerability_id": "VCID-a6bx-hkuu-zkg4", "summary": "When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read and write operations — because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08734", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08686", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0873", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7500" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/48709", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/48709" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/48715", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/48715" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7500", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7500" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-7500", "reference_id": "CVE-2026-7500", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-7500" }, { "reference_url": "https://github.com/advisories/GHSA-hm32-hfmw-rhvg", "reference_id": "GHSA-hm32-hfmw-rhvg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hm32-hfmw-rhvg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25097", "reference_id": "RHSA-2026:25097", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:25097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25098", "reference_id": "RHSA-2026:25098", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:25098" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464126", "reference_id": "show_bug.cgi?id=2464126", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464126" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41155?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-99gq-5t6k-7yf5" }, { "vulnerability": "VCID-e94v-acqx-1bcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.2" } ], "aliases": [ "CVE-2026-7500", "GHSA-hm32-hfmw-rhvg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6bx-hkuu-zkg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212232?format=api", "vulnerability_id": "VCID-any2-t2rb-f3bz", "summary": "Duplicate Advisory: Keycloak has a brute force login protection bypass", "references": [ { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4629", "reference_id": "CVE-2024-4629", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4629" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629", "reference_id": "CVE-2024-4629", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629" }, { "reference_url": "https://github.com/advisories/GHSA-8wm9-24qg-m5qj", "reference_id": "GHSA-8wm9-24qg-m5qj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wm9-24qg-m5qj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33241?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.4" } ], "aliases": [ "GHSA-8wm9-24qg-m5qj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-any2-t2rb-f3bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99722?format=api", "vulnerability_id": "VCID-b7ak-4hjc-xuhh", "summary": "A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14083", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01031", "published_at": "2026-06-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01027", "published_at": "2026-06-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01025", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14083" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/45493", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/45493" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-14083", "reference_id": "CVE-2025-14083", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-14083" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14083", "reference_id": "CVE-2025-14083", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14083" }, { "reference_url": "https://github.com/advisories/GHSA-594w-2fwp-jwrc", "reference_id": "GHSA-594w-2fwp-jwrc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-594w-2fwp-jwrc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419086", "reference_id": "show_bug.cgi?id=2419086", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419086" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34740?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8txb-4xw8-aydm" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ec5w-983u-tbbz" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-hdz7-3722-xfe6" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "CVE-2025-14083", "GHSA-594w-2fwp-jwrc" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7ak-4hjc-xuhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47740?format=api", "vulnerability_id": "VCID-b8bu-q83t-mqgu", "summary": "A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4540.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4540.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4540", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.5456", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54545", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54419", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4540" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4540", "reference_id": "CVE-2024-4540", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4540" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4540", "reference_id": "CVE-2024-4540", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4540" }, { "reference_url": "https://github.com/advisories/GHSA-69fp-7c8p-crjr", "reference_id": "GHSA-69fp-7c8p-crjr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-69fp-7c8p-crjr" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr", "reference_id": "GHSA-69fp-7c8p-crjr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3566", "reference_id": "RHSA-2024:3566", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3567", "reference_id": "RHSA-2024:3567", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3568", "reference_id": "RHSA-2024:3568", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3570", "reference_id": "RHSA-2024:3570", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3572", "reference_id": "RHSA-2024:3572", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3572" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3573", "reference_id": "RHSA-2024:3573", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3574", "reference_id": "RHSA-2024:3574", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3575", "reference_id": "RHSA-2024:3575", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3576", "reference_id": "RHSA-2024:3576", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3576" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303", "reference_id": "show_bug.cgi?id=2279303", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31891?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5" } ], "aliases": [ "CVE-2024-4540", "GHSA-69fp-7c8p-crjr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8bu-q83t-mqgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174865?format=api", "vulnerability_id": "VCID-c2nr-hks8-4qg1", "summary": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45723", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45567", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45714", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3916" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-3916", "reference_id": "CVE-2022-3916", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "reference_url": "https://github.com/advisories/GHSA-97g8-xfvw-q4hg", "reference_id": "GHSA-97g8-xfvw-q4hg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97g8-xfvw-q4hg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8961", "reference_id": "RHSA-2022:8961", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8962", "reference_id": "RHSA-2022:8962", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8963", "reference_id": "RHSA-2022:8963", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8964", "reference_id": "RHSA-2022:8964", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8965", "reference_id": "RHSA-2022:8965", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "RHSA-2023:1043", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "RHSA-2023:1044", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "RHSA-2023:1045", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "RHSA-2023:1047", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "RHSA-2023:1049", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", "reference_id": "show_bug.cgi?id=2141404", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394388?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@20.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-w2zv-nrcz-nyhj" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@20.0.2" } ], "aliases": [ "CVE-2022-3916", "GHSA-97g8-xfvw-q4hg", "GMS-2022-8406" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2nr-hks8-4qg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197027?format=api", "vulnerability_id": "VCID-cbrs-98sn-mqfq", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29954", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.2997", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29757", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1725" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-16550", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-16550" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1725", "reference_id": "CVE-2020-1725", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1725" }, { "reference_url": "https://github.com/advisories/GHSA-p225-pc2x-4jpm", "reference_id": "GHSA-p225-pc2x-4jpm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p225-pc2x-4jpm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/478132?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2020-1725", "GHSA-p225-pc2x-4jpm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbrs-98sn-mqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151490?format=api", "vulnerability_id": "VCID-cmpj-geab-aqc4", "summary": "A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3597.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3597.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26042", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25827", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26026", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3597" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-3597", "reference_id": "CVE-2023-3597", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-3597" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3597", "reference_id": "CVE-2023-3597", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3597" }, { "reference_url": "https://github.com/advisories/GHSA-4f53-xh3v-g8x4", "reference_id": "GHSA-4f53-xh3v-g8x4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4f53-xh3v-g8x4" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4", "reference_id": "GHSA-4f53-xh3v-g8x4", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866", "reference_id": "RHSA-2024:1866", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "RHSA-2024:1867", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "RHSA-2024:1868", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221760", "reference_id": "show_bug.cgi?id=2221760", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221760" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30416?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/30414?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2023-3597", "GHSA-4f53-xh3v-g8x4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmpj-geab-aqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73411?format=api", "vulnerability_id": "VCID-czza-hz45-5ka6", "summary": "A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned resource. Consequently, the attacker gains unauthorized permissions to victim-owned resources, enabling them to obtain a Requesting Party Token (RPT) and access sensitive information or perform unauthorized actions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03186", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0319", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03203", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4636" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47717", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47717" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4636", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4636" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4636", "reference_id": "CVE-2026-4636", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4636" }, { "reference_url": "https://github.com/advisories/GHSA-f2hx-5fx3-hmcv", "reference_id": "GHSA-f2hx-5fx3-hmcv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2hx-5fx3-hmcv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6475", "reference_id": "RHSA-2026:6475", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6476", "reference_id": "RHSA-2026:6476", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450251", "reference_id": "show_bug.cgi?id=2450251", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450251" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373606?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-4636", "GHSA-f2hx-5fx3-hmcv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-czza-hz45-5ka6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85437?format=api", "vulnerability_id": "VCID-ecc8-b6za-vqds", "summary": "A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02122", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02118", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3190" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46723", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46723" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3190", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3190" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3190", "reference_id": "CVE-2026-3190", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3190" }, { "reference_url": "https://github.com/advisories/GHSA-q35r-vvhv-vx5h", "reference_id": "GHSA-q35r-vvhv-vx5h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q35r-vvhv-vx5h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442572", "reference_id": "show_bug.cgi?id=2442572", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442572" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40702?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-mdys-vw33-uqa1" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6" } ], "aliases": [ "CVE-2026-3190", "GHSA-q35r-vvhv-vx5h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecc8-b6za-vqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/346690?format=api", "vulnerability_id": "VCID-ejyg-88gf-sfbh", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00993", "scoring_system": "epss", "scoring_elements": "0.77334", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00993", "scoring_system": "epss", "scoring_elements": "0.77404", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00993", "scoring_system": "epss", "scoring_elements": "0.7742", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1274" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/16764", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/16764" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" }, { "reference_url": "https://herolab.usd.de/security-advisories/usd-2021-0033", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://herolab.usd.de/security-advisories/usd-2021-0033" }, { "reference_url": "https://herolab.usd.de/security-advisories/usd-2021-0033/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://herolab.usd.de/security-advisories/usd-2021-0033/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157", "reference_id": "2073157", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "reference_url": "https://github.com/advisories/GHSA-m4fv-gm5m-4725", "reference_id": "GHSA-m4fv-gm5m-4725", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4fv-gm5m-4725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "RHSA-2023:1043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "RHSA-2023:1044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "RHSA-2023:1045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "RHSA-2023:1047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "RHSA-2023:1049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380825?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@20.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@20.0.5" } ], "aliases": [ "CVE-2022-1274", "GHSA-m4fv-gm5m-4725", "GMS-2023-528" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ejyg-88gf-sfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85433?format=api", "vulnerability_id": "VCID-epvz-duxp-tyf7", "summary": "A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0252", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02527", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0253", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3872" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47718", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47718" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3872", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3872" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3872", "reference_id": "CVE-2026-3872", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3872" }, { "reference_url": "https://github.com/advisories/GHSA-cjm2-j6cm-6p6m", "reference_id": "GHSA-cjm2-j6cm-6p6m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjm2-j6cm-6p6m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6475", "reference_id": "RHSA-2026:6475", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6476", "reference_id": "RHSA-2026:6476", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445988", "reference_id": "show_bug.cgi?id=2445988", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445988" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373606?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-3872", "GHSA-cjm2-j6cm-6p6m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-epvz-duxp-tyf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360667?format=api", "vulnerability_id": "VCID-f2m5-cwr1-ryc1", "summary": "Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.", "references": [ { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-8419", "reference_id": "CVE-2025-8419", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-8419" }, { "reference_url": "https://github.com/advisories/GHSA-qj5r-2r5p-phc7", "reference_id": "GHSA-qj5r-2r5p-phc7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qj5r-2r5p-phc7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376808?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3" } ], "aliases": [ "GHSA-qj5r-2r5p-phc7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2m5-cwr1-ryc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78771?format=api", "vulnerability_id": "VCID-feud-rr2t-tyfx", "summary": "A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01692", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01686", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01689", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1035" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/45647", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/45647" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-1035", "reference_id": "CVE-2026-1035", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-1035" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1035", "reference_id": "CVE-2026-1035", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1035" }, { "reference_url": "https://github.com/advisories/GHSA-m2w5-7xhv-w6fh", "reference_id": "GHSA-m2w5-7xhv-w6fh", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m2w5-7xhv-w6fh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430314", "reference_id": "show_bug.cgi?id=2430314", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430314" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34740?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8txb-4xw8-aydm" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ec5w-983u-tbbz" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-hdz7-3722-xfe6" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "CVE-2026-1035", "GHSA-m2w5-7xhv-w6fh" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-feud-rr2t-tyfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197257?format=api", "vulnerability_id": "VCID-fmep-x7k1-37aj", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35912", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36091", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36115", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14302" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849584", "reference_id": "1849584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849584" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14302", "reference_id": "CVE-2020-14302", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14302" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0967", "reference_id": "RHSA-2021:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0968", "reference_id": "RHSA-2021:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0969", "reference_id": "RHSA-2021:0969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0969" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0974", "reference_id": "RHSA-2021:0974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0974" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/478132?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2020-14302" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmep-x7k1-37aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209007?format=api", "vulnerability_id": "VCID-fv39-cmv1-53bs", "summary": "Keycloak is vulnerable to IDN homograph attack", "references": [ { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/ac79fd0c23c6947a04073afc61e30d341498438e", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/ac79fd0c23c6947a04073afc61e30d341498438e" }, { "reference_url": "https://github.com/advisories/GHSA-mwm4-5qwr-g9pf", "reference_id": "GHSA-mwm4-5qwr-g9pf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mwm4-5qwr-g9pf" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf", "reference_id": "GHSA-mwm4-5qwr-g9pf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20307?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0" } ], "aliases": [ "GHSA-mwm4-5qwr-g9pf", "GMS-2022-1099" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fv39-cmv1-53bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324631?format=api", "vulnerability_id": "VCID-gjsd-1tdx-yyff", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1727.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1727.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39964", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.40134", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.40157", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1727" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1727" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800573", "reference_id": "1800573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800573" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1727", "reference_id": "CVE-2020-1727", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2252", "reference_id": "RHSA-2020:2252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5625", "reference_id": "RHSA-2020:5625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5625" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/456213?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@9.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2" } ], "aliases": [ "CVE-2020-1727" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gjsd-1tdx-yyff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207732?format=api", "vulnerability_id": "VCID-h6ky-xtx2-augv", "summary": "Cross-site Scripting in keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50841", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50989", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50973", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10776", "reference_id": "CVE-2020-10776", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10776" }, { "reference_url": "https://github.com/advisories/GHSA-484q-784p-8m5h", "reference_id": "GHSA-484q-784p-8m5h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-484q-784p-8m5h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4929", "reference_id": "RHSA-2020:4929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4930", "reference_id": "RHSA-2020:4930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4931", "reference_id": "RHSA-2020:4931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4932", "reference_id": "RHSA-2020:4932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4932" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19014?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-gxku-5esb-1qct" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0" } ], "aliases": [ "CVE-2020-10776", "GHSA-484q-784p-8m5h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6ky-xtx2-augv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212055?format=api", "vulnerability_id": "VCID-hx5h-m1z3-tfaj", "summary": "Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)", "references": [ { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4540", "reference_id": "CVE-2024-4540", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4540" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4540", "reference_id": "CVE-2024-4540", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4540" }, { "reference_url": "https://github.com/advisories/GHSA-4vrx-8phj-x3mg", "reference_id": "GHSA-4vrx-8phj-x3mg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vrx-8phj-x3mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31891?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5" } ], "aliases": [ "GHSA-4vrx-8phj-x3mg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hx5h-m1z3-tfaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208999?format=api", "vulnerability_id": "VCID-j73m-qf3g-dqdp", "summary": "Keycloak vulnerable to privilege escalation on Token Exchange feature", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62751", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62637", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62739", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1245" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071036", "reference_id": "2071036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071036" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1245", "reference_id": "CVE-2022-1245", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1245" }, { "reference_url": "https://github.com/advisories/GHSA-75p6-52g3-rqc8", "reference_id": "GHSA-75p6-52g3-rqc8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75p6-52g3-rqc8" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8", "reference_id": "GHSA-75p6-52g3-rqc8", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1709", "reference_id": "RHSA-2022:1709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1711", "reference_id": "RHSA-2022:1711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1711" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1712", "reference_id": "RHSA-2022:1712", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1712" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1713", "reference_id": "RHSA-2022:1713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20307?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0" } ], "aliases": [ "CVE-2022-1245", "GHSA-75p6-52g3-rqc8", "GMS-2022-1039" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j73m-qf3g-dqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211253?format=api", "vulnerability_id": "VCID-kdwj-wspq-1ket", "summary": "Keycloak has Files or Directories Accessible to External Parties", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58963", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.58952", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00364", "scoring_system": "epss", "scoring_elements": "0.5884", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3856" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/8588", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/8588" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-19422", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-19422" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3856", "reference_id": "CVE-2021-3856", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3856" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3856", "reference_id": "CVE-2021-3856", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3856" }, { "reference_url": "https://github.com/advisories/GHSA-3w4v-rvc4-2xpw", "reference_id": "GHSA-3w4v-rvc4-2xpw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3w4v-rvc4-2xpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/533802?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@15.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.0" } ], "aliases": [ "CVE-2021-3856", "GHSA-3w4v-rvc4-2xpw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kdwj-wspq-1ket" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197253?format=api", "vulnerability_id": "VCID-kyss-1ab7-77ef", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4215", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42337", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42315", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7976", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7976" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3513", "reference_id": "CVE-2021-3513", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3513" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3513", "reference_id": "CVE-2021-3513", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3513" }, { "reference_url": "https://github.com/advisories/GHSA-xv7h-95r7-595j", "reference_id": "GHSA-xv7h-95r7-595j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv7h-95r7-595j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/478132?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2021-3513", "GHSA-xv7h-95r7-595j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kyss-1ab7-77ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96323?format=api", "vulnerability_id": "VCID-mhqj-fy58-6fd6", "summary": "A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02584", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0259", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02592", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12150" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/35110", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/35110" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/43723", "reference_id": "43723", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/43723" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-12150", "reference_id": "CVE-2025-12150", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-12150" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12150", "reference_id": "CVE-2025-12150", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12150" }, { "reference_url": "https://github.com/advisories/GHSA-7g5x-9c4v-4w5r", "reference_id": "GHSA-7g5x-9c4v-4w5r", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g5x-9c4v-4w5r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21370", "reference_id": "RHSA-2025:21370", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21371", "reference_id": "RHSA-2025:21371", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22088", "reference_id": "RHSA-2025:22088", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22089", "reference_id": "RHSA-2025:22089", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22089" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192", "reference_id": "show_bug.cgi?id=2406192", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39957?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4" } ], "aliases": [ "CVE-2025-12150", "GHSA-7g5x-9c4v-4w5r" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhqj-fy58-6fd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85663?format=api", "vulnerability_id": "VCID-put6-zqp1-dkhj", "summary": "A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02012", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02008", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3911" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46922", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46922" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/46923", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/46923" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3911", "reference_id": "CVE-2026-3911", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3911" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3911", "reference_id": "CVE-2026-3911", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3911" }, { "reference_url": "https://github.com/advisories/GHSA-xh32-c9wx-phrp", "reference_id": "GHSA-xh32-c9wx-phrp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xh32-c9wx-phrp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446392", "reference_id": "show_bug.cgi?id=2446392", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446392" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40702?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-mdys-vw33-uqa1" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6" } ], "aliases": [ "CVE-2026-3911", "GHSA-xh32-c9wx-phrp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-put6-zqp1-dkhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208595?format=api", "vulnerability_id": "VCID-pvrr-mmx8-4kg6", "summary": "Cross-site Scripting in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20323", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.66054", "scoring_system": "epss", "scoring_elements": "0.98539", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.66054", "scoring_system": "epss", "scoring_elements": "0.98543", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20323" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013577", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013577" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20323", "reference_id": "CVE-2021-20323", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20323" }, { "reference_url": "https://github.com/advisories/GHSA-xpgc-j48j-jwv9", "reference_id": "GHSA-xpgc-j48j-jwv9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xpgc-j48j-jwv9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0407", "reference_id": "RHSA-2022:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/546539?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@17.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@17.0.0" } ], "aliases": [ "CVE-2021-20323", "GHSA-xpgc-j48j-jwv9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvrr-mmx8-4kg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64116?format=api", "vulnerability_id": "VCID-r4g2-4531-buaw", "summary": "A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3656.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3656.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3656", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89656", "scoring_system": "epss", "scoring_elements": "0.99585", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.89656", "scoring_system": "epss", "scoring_elements": "0.99584", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3656" }, { "reference_url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1" }, { "reference_url": "https://news.ycombinator.com/item?id=42136000", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://news.ycombinator.com/item?id=42136000" }, { "reference_url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-3656", "reference_id": "CVE-2024-3656", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-3656" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3656", "reference_id": "CVE-2024-3656", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3656" }, { "reference_url": "https://github.com/advisories/GHSA-2cww-fgmg-4jqc", "reference_id": "GHSA-2cww-fgmg-4jqc", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/" } ], "url": "https://github.com/advisories/GHSA-2cww-fgmg-4jqc" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc", "reference_id": "GHSA-2cww-fgmg-4jqc", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3572", "reference_id": "RHSA-2024:3572", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3572" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3575", "reference_id": "RHSA-2024:3575", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3575" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403", "reference_id": "show_bug.cgi?id=2274403", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274403" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31891?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5" } ], "aliases": [ "CVE-2024-3656", "GHSA-2cww-fgmg-4jqc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4g2-4531-buaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62982?format=api", "vulnerability_id": "VCID-rpxq-j9uk-2bek", "summary": "A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21519", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21321", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21506", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2419" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-2419", "reference_id": "CVE-2024-2419", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-2419" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2419", "reference_id": "CVE-2024-2419", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2419" }, { "reference_url": "https://github.com/advisories/GHSA-mrv8-pqfj-7gp5", "reference_id": "GHSA-mrv8-pqfj-7gp5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mrv8-pqfj-7gp5" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5", "reference_id": "GHSA-mrv8-pqfj-7gp5", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "RHSA-2024:1867", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269371", "reference_id": "show_bug.cgi?id=2269371", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269371" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30416?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/30414?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2024-2419", "GHSA-mrv8-pqfj-7gp5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rpxq-j9uk-2bek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197705?format=api", "vulnerability_id": "VCID-rvcz-9csv-gfb4", "summary": "directory traversal", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14366", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60208", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60198", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60091", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14366" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869764", "reference_id": "1869764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869764" }, { "reference_url": "https://security.archlinux.org/AVG-1471", "reference_id": "AVG-1471", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1471" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14366", "reference_id": "CVE-2020-14366", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14366" }, { "reference_url": "https://github.com/advisories/GHSA-cp67-8w3w-6h9c", "reference_id": "GHSA-cp67-8w3w-6h9c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cp67-8w3w-6h9c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4931", "reference_id": "RHSA-2020:4931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4931" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19014?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-gxku-5esb-1qct" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0" } ], "aliases": [ "CVE-2020-14366", "GHSA-cp67-8w3w-6h9c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvcz-9csv-gfb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/322580?format=api", "vulnerability_id": "VCID-sbyx-da8j-mqfx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2020-14389", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2020-14389" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35293", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35269", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35091", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14389" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14389", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14389" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875843", "reference_id": "1875843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875843" }, { "reference_url": "https://github.com/advisories/GHSA-c9x9-xv66-xp3v", "reference_id": "GHSA-c9x9-xv66-xp3v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c9x9-xv66-xp3v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4929", "reference_id": "RHSA-2020:4929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4930", "reference_id": "RHSA-2020:4930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4931", "reference_id": "RHSA-2020:4931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4932", "reference_id": "RHSA-2020:4932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4932" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19014?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-gxku-5esb-1qct" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0" } ], "aliases": [ "CVE-2020-14389", "GHSA-c9x9-xv66-xp3v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbyx-da8j-mqfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85043?format=api", "vulnerability_id": "VCID-shne-12fw-xfbw", "summary": "A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2603", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45643", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45486", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45635", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2603" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132" }, { "reference_url": "https://github.com/keycloak/keycloak/commits/26.5.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commits/26.5.5" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46911", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46911" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/46932", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/46932" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2603", "reference_id": "CVE-2026-2603", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2603" }, { "reference_url": "https://github.com/advisories/GHSA-x4p7-7chp-64hq", "reference_id": "GHSA-x4p7-7chp-64hq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4p7-7chp-64hq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3925", "reference_id": "RHSA-2026:3925", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3926", "reference_id": "RHSA-2026:3926", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "RHSA-2026:3947", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "RHSA-2026:3948", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300", "reference_id": "show_bug.cgi?id=2440300", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40285?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5" } ], "aliases": [ "CVE-2026-2603", "GHSA-x4p7-7chp-64hq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-shne-12fw-xfbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168944?format=api", "vulnerability_id": "VCID-szvd-anh6-sbeh", "summary": "Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4361.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4361.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.80193", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.80271", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01306", "scoring_system": "epss", "scoring_elements": "0.80254", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4361" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-3p62-6fjh-3p5h", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-3p62-6fjh-3p5h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4361", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4361" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a", "reference_id": "a1cfe6e24e5b34792699a00b8b4a8016a5929e3a", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:43:33Z/" } ], "url": "https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a" }, { "reference_url": "https://github.com/advisories/GHSA-3p62-6fjh-3p5h", "reference_id": "GHSA-3p62-6fjh-3p5h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3p62-6fjh-3p5h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3883", "reference_id": "RHSA-2023:3883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3884", "reference_id": "RHSA-2023:3884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3885", "reference_id": "RHSA-2023:3885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3888", "reference_id": "RHSA-2023:3888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3892", "reference_id": "RHSA-2023:3892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3892" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151618", "reference_id": "show_bug.cgi?id=2151618", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:43:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151618" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381744?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@21.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2" } ], "aliases": [ "CVE-2022-4361", "GHSA-3p62-6fjh-3p5h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-szvd-anh6-sbeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360491?format=api", "vulnerability_id": "VCID-tazu-5mqv-vfaq", "summary": "Duplicate Advisory: Keycloak hostname verification\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.", "references": [ { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3501", "reference_id": "CVE-2025-3501", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3501" }, { "reference_url": "https://github.com/advisories/GHSA-r934-w73g-v4p8", "reference_id": "GHSA-r934-w73g-v4p8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r934-w73g-v4p8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376299?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-sa2j-p1w2-ebgj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "GHSA-r934-w73g-v4p8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tazu-5mqv-vfaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73439?format=api", "vulnerability_id": "VCID-thtq-yz7t-7kea", "summary": "A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0597", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05955", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05978", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4282" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47719", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4282", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4282" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4282", "reference_id": "CVE-2026-4282", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4282" }, { "reference_url": "https://github.com/advisories/GHSA-hj93-h7pg-fh6v", "reference_id": "GHSA-hj93-h7pg-fh6v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hj93-h7pg-fh6v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6475", "reference_id": "RHSA-2026:6475", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6476", "reference_id": "RHSA-2026:6476", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448061", "reference_id": "show_bug.cgi?id=2448061", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448061" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373606?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-4282", "GHSA-hj93-h7pg-fh6v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-thtq-yz7t-7kea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85391?format=api", "vulnerability_id": "VCID-tjyr-75f3-d7ff", "summary": "A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04256", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04244", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3429" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47069", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47069" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3429", "reference_id": "CVE-2026-3429", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3429" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3429", "reference_id": "CVE-2026-3429", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3429" }, { "reference_url": "https://github.com/advisories/GHSA-8g9r-9wjw-37j4", "reference_id": "GHSA-8g9r-9wjw-37j4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8g9r-9wjw-37j4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443771", "reference_id": "show_bug.cgi?id=2443771", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443771" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373606?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-3429", "GHSA-8g9r-9wjw-37j4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tjyr-75f3-d7ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53959?format=api", "vulnerability_id": "VCID-tukn-mvay-tyb8", "summary": "A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1722.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1722.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1722", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42172", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41987", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42151", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1722" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/29603", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/29603" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/29603#issuecomment-2127499627", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/29603#issuecomment-2127499627" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1722", "reference_id": "CVE-2024-1722", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:52:47Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1722" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1722", "reference_id": "CVE-2024-1722", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1722" }, { "reference_url": "https://github.com/advisories/GHSA-cq42-vhv7-xr7p", "reference_id": "GHSA-cq42-vhv7-xr7p", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cq42-vhv7-xr7p" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cq42-vhv7-xr7p", "reference_id": "GHSA-cq42-vhv7-xr7p", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cq42-vhv7-xr7p" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265389", "reference_id": "show_bug.cgi?id=2265389", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:52:47Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265389" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32187?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.0" } ], "aliases": [ "CVE-2024-1722", "GHSA-cq42-vhv7-xr7p" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tukn-mvay-tyb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/354856?format=api", "vulnerability_id": "VCID-tyy7-1dkf-uufg", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0264.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0264.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-0264", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02941", "scoring_system": "epss", "scoring_elements": "0.86744", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02941", "scoring_system": "epss", "scoring_elements": "0.86792", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02941", "scoring_system": "epss", "scoring_elements": "0.86803", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0264" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/ec8109112e67208c13e13f6d1f8706a5a3ba8d4c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/ec8109112e67208c13e13f6d1f8706a5a3ba8d4c" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-9g98-5mj6-f9mv", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-9g98-5mj6-f9mv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585", "reference_id": "2160585", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "reference_url": "https://github.com/advisories/GHSA-9g98-5mj6-f9mv", "reference_id": "GHSA-9g98-5mj6-f9mv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9g98-5mj6-f9mv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "RHSA-2023:1043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "RHSA-2023:1044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "RHSA-2023:1045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "RHSA-2023:1047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "RHSA-2023:1049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394082?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@19.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@19.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/380902?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@21.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.0.1" } ], "aliases": [ "CVE-2023-0264", "GHSA-9g98-5mj6-f9mv", "GMS-2023-573" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tyy7-1dkf-uufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360744?format=api", "vulnerability_id": "VCID-u1aa-s9ru-w3gf", "summary": "Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.", "references": [ { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/41137", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/41137" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/41168", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/41168" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7784", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7784" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7784", "reference_id": "CVE-2025-7784", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7784" }, { "reference_url": "https://github.com/advisories/GHSA-83j7-mhw9-388w", "reference_id": "GHSA-83j7-mhw9-388w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-83j7-mhw9-388w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/817853?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2" } ], "aliases": [ "GHSA-83j7-mhw9-388w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1aa-s9ru-w3gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/127181?format=api", "vulnerability_id": "VCID-u2cc-wm39-4qax", "summary": "A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2369", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23484", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2368", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3501" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/39350", "reference_id": "39350", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/39350" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/39366", "reference_id": "39366", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://github.com/keycloak/keycloak/pull/39366" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3501", "reference_id": "CVE-2025-3501", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3501" }, { "reference_url": "https://github.com/advisories/GHSA-hw58-3793-42gg", "reference_id": "GHSA-hw58-3793-42gg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hw58-3793-42gg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "RHSA-2025:4335", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "RHSA-2025:4336", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8672", "reference_id": "RHSA-2025:8672", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8690", "reference_id": "RHSA-2025:8690", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834", "reference_id": "show_bug.cgi?id=2358834", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376299?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-sa2j-p1w2-ebgj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "CVE-2025-3501", "GHSA-hw58-3793-42gg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2cc-wm39-4qax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197024?format=api", "vulnerability_id": "VCID-u9df-phf1-83gr", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66537", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66643", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66629", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/8203", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/8203" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-18500", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-18500" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3632", "reference_id": "CVE-2021-3632", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3632" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3632", "reference_id": "CVE-2021-3632", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3632" }, { "reference_url": "https://github.com/advisories/GHSA-qpq9-jpv4-6gwr", "reference_id": "GHSA-qpq9-jpv4-6gwr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qpq9-jpv4-6gwr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/533802?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@15.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.0" } ], "aliases": [ "CVE-2021-3632", "GHSA-qpq9-jpv4-6gwr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9df-phf1-83gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/142565?format=api", "vulnerability_id": "VCID-uaxm-zx64-jbas", "summary": "A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6544.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6544.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01309", "scoring_system": "epss", "scoring_elements": "0.80293", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01309", "scoring_system": "epss", "scoring_elements": "0.80216", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01309", "scoring_system": "epss", "scoring_elements": "0.80277", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6544" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6544", "reference_id": "CVE-2023-6544", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6544" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544", "reference_id": "CVE-2023-6544", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6544" }, { "reference_url": "https://github.com/advisories/GHSA-46c8-635v-68r2", "reference_id": "GHSA-46c8-635v-68r2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46c8-635v-68r2" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2", "reference_id": "GHSA-46c8-635v-68r2", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1860", "reference_id": "RHSA-2024:1860", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1861", "reference_id": "RHSA-2024:1861", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1862", "reference_id": "RHSA-2024:1862", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1864", "reference_id": "RHSA-2024:1864", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866", "reference_id": "RHSA-2024:1866", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "RHSA-2024:1867", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "RHSA-2024:1868", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116", "reference_id": "show_bug.cgi?id=2253116", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253116" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30416?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/30414?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2023-6544", "GHSA-46c8-635v-68r2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uaxm-zx64-jbas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210040?format=api", "vulnerability_id": "VCID-ubx3-wzt9-p3fc", "summary": "Keycloak Authentication Error", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3592", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3593", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3595", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0877", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0877" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10894.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10894.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17593", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17575", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17411", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434", "reference_id": "1599434", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599434" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894", "reference_id": "CVE-2018-10894", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894" }, { "reference_url": "https://github.com/advisories/GHSA-xvv8-8wh9-9fh2", "reference_id": "GHSA-xvv8-8wh9-9fh2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvv8-8wh9-9fh2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22008?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@4.4.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-49ev-wsaa-4bbn" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-gjsd-1tdx-yyff" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-w5wa-m47v-7fhy" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@4.4.0.Final" } ], "aliases": [ "CVE-2018-10894", "GHSA-xvv8-8wh9-9fh2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubx3-wzt9-p3fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54222?format=api", "vulnerability_id": "VCID-udt9-gs91-8qgw", "summary": "A flaw was found in Keycloak's OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1249", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46238", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46246", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46093", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1249" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12", "reference_id": "cpe:/a:redhat:amq_broker:7.12", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1", "reference_id": "cpe:/a:redhat:amq_streams:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8", "reference_id": "cpe:/a:redhat:openshift_serverless:1.33::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1", "reference_id": "cpe:/a:redhat:rhdh:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1249", "reference_id": "CVE-2024-1249", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1249" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", "reference_id": "CVE-2024-1249", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1249" }, { "reference_url": "https://github.com/advisories/GHSA-m6q9-p373-g5q8", "reference_id": "GHSA-m6q9-p373-g5q8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6q9-p373-g5q8" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8", "reference_id": "GHSA-m6q9-p373-g5q8", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1860", "reference_id": "RHSA-2024:1860", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1861", "reference_id": "RHSA-2024:1861", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1862", "reference_id": "RHSA-2024:1862", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1864", "reference_id": "RHSA-2024:1864", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1866", "reference_id": "RHSA-2024:1866", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "RHSA-2024:1867", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "RHSA-2024:1868", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2945", "reference_id": "RHSA-2024:2945", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4057", "reference_id": "RHSA-2024:4057", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:4057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918", "reference_id": "show_bug.cgi?id=2262918", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30416?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/30414?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2024-1249", "GHSA-m6q9-p373-g5q8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-udt9-gs91-8qgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359709?format=api", "vulnerability_id": "VCID-ugt9-3hnt-jkea", "summary": "Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.", "references": [ { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-10270", "reference_id": "CVE-2024-10270", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-10270" }, { "reference_url": "https://github.com/advisories/GHSA-j3x3-r585-4qhg", "reference_id": "GHSA-j3x3-r585-4qhg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j3x3-r585-4qhg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372884?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/372885?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6" } ], "aliases": [ "GHSA-j3x3-r585-4qhg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugt9-3hnt-jkea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/358330?format=api", "vulnerability_id": "VCID-utd3-fu1x-augq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6134", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6134" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02468", "scoring_system": "epss", "scoring_elements": "0.8565", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02468", "scoring_system": "epss", "scoring_elements": "0.85641", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02468", "scoring_system": "epss", "scoring_elements": "0.85589", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6134" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6134" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673", "reference_id": "2249673", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249673" }, { "reference_url": "https://github.com/advisories/GHSA-cvg2-7c3j-g36j", "reference_id": "GHSA-cvg2-7c3j-g36j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cvg2-7c3j-g36j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7854", "reference_id": "RHSA-2023:7854", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7855", "reference_id": "RHSA-2023:7855", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7856", "reference_id": "RHSA-2023:7856", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7857", "reference_id": "RHSA-2023:7857", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7858", "reference_id": "RHSA-2023:7858", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7860", "reference_id": "RHSA-2023:7860", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7861", "reference_id": "RHSA-2023:7861", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0798", "reference_id": "RHSA-2024:0798", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0799", "reference_id": "RHSA-2024:0799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0800", "reference_id": "RHSA-2024:0800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0801", "reference_id": "RHSA-2024:0801", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0804", "reference_id": "RHSA-2024:0804", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0804" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30413?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xca5-697n-wkav" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/380138?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3" } ], "aliases": [ "CVE-2023-6134", "GHSA-cvg2-7c3j-g36j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utd3-fu1x-augq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212250?format=api", "vulnerability_id": "VCID-uuj4-raj8-fqhp", "summary": "Duplicate Advisory: Keycloak Open Redirect vulnerability", "references": [ { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8883", "reference_id": "CVE-2024-8883", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8883" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883", "reference_id": "CVE-2024-8883", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883" }, { "reference_url": "https://github.com/advisories/GHSA-vvf8-2h68-9475", "reference_id": "GHSA-vvf8-2h68-9475", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vvf8-2h68-9475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33519?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6" } ], "aliases": [ "GHSA-vvf8-2h68-9475" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uuj4-raj8-fqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73418?format=api", "vulnerability_id": "VCID-uuxm-2f48-3qa5", "summary": "A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01522", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01515", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01519", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4628" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4628", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4628" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4628", "reference_id": "CVE-2026-4628", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4628" }, { "reference_url": "https://github.com/advisories/GHSA-4pgc-gfrr-wcmg", "reference_id": "GHSA-4pgc-gfrr-wcmg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4pgc-gfrr-wcmg" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450240", "reference_id": "show_bug.cgi?id=2450240", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450240" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/975121?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a6bx-hkuu-zkg4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1" } ], "aliases": [ "CVE-2026-4628", "GHSA-4pgc-gfrr-wcmg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uuxm-2f48-3qa5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73351?format=api", "vulnerability_id": "VCID-vcjc-hgjb-dqhs", "summary": "A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0748", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07454", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07486", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4634" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47716", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47716" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4634", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4634" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4634", "reference_id": "CVE-2026-4634", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4634" }, { "reference_url": "https://github.com/advisories/GHSA-h4wv-g838-66g3", "reference_id": "GHSA-h4wv-g838-66g3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h4wv-g838-66g3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6475", "reference_id": "RHSA-2026:6475", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6476", "reference_id": "RHSA-2026:6476", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450250", "reference_id": "show_bug.cgi?id=2450250", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450250" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373606?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-4634", "GHSA-h4wv-g838-66g3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcjc-hgjb-dqhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99787?format=api", "vulnerability_id": "VCID-vrhh-6fx6-zqbw", "summary": "A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0163", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01624", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01628", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14082" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-14082", "reference_id": "CVE-2025-14082", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-14082" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14082", "reference_id": "CVE-2025-14082", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14082" }, { "reference_url": "https://github.com/advisories/GHSA-6q37-7866-h27j", "reference_id": "GHSA-6q37-7866-h27j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6q37-7866-h27j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419078", "reference_id": "show_bug.cgi?id=2419078", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419078" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35987?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ec5w-983u-tbbz" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-hdz7-3722-xfe6" }, { "vulnerability": "VCID-mdys-vw33-uqa1" }, { "vulnerability": "VCID-p11z-217w-r3d3" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-ttpj-h8z5-tfgw" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yfgh-e1hw-1ff7" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0" } ], "aliases": [ "CVE-2025-14082", "GHSA-6q37-7866-h27j" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vrhh-6fx6-zqbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174416?format=api", "vulnerability_id": "VCID-vse8-rcsa-8bg9", "summary": "A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29711", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29496", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29693", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2232" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-2232", "reference_id": "CVE-2022-2232", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-2232" }, { "reference_url": "https://github.com/advisories/GHSA-8hc5-rmgf-qx6p", "reference_id": "GHSA-8hc5-rmgf-qx6p", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8hc5-rmgf-qx6p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0094", "reference_id": "RHSA-2024:0094", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0094" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0095", "reference_id": "RHSA-2024:0095", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0096", "reference_id": "RHSA-2024:0096", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0096" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096994", "reference_id": "show_bug.cgi?id=2096994", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096994" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381262?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.1" } ], "aliases": [ "CVE-2022-2232", "GHSA-8hc5-rmgf-qx6p" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vse8-rcsa-8bg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/324635?format=api", "vulnerability_id": "VCID-w5wa-m47v-7fhy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2020-1744", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2020-1744" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41172", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41151", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40984", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1744", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805792", "reference_id": "1805792", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805792" }, { "reference_url": "https://github.com/advisories/GHSA-4gf2-xv97-63m2", "reference_id": "GHSA-4gf2-xv97-63m2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4gf2-xv97-63m2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0945", "reference_id": "RHSA-2020:0945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0946", "reference_id": "RHSA-2020:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0947", "reference_id": "RHSA-2020:0947", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0951", "reference_id": "RHSA-2020:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2252", "reference_id": "RHSA-2020:2252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/456213?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@9.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2" } ], "aliases": [ "CVE-2020-1744", "GHSA-4gf2-xv97-63m2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5wa-m47v-7fhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/142637?format=api", "vulnerability_id": "VCID-wfeg-6241-cucs", "summary": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39694", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39499", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3967", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6291" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1", "reference_id": "cpe:/a:redhat:serverless:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6291", "reference_id": "CVE-2023-6291", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6291" }, { "reference_url": "https://github.com/advisories/GHSA-mpwq-j3xf-7m5w", "reference_id": "GHSA-mpwq-j3xf-7m5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mpwq-j3xf-7m5w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7854", "reference_id": "RHSA-2023:7854", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7855", "reference_id": "RHSA-2023:7855", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7856", "reference_id": "RHSA-2023:7856", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7857", "reference_id": "RHSA-2023:7857", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7858", "reference_id": "RHSA-2023:7858", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7860", "reference_id": "RHSA-2023:7860", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7861", "reference_id": "RHSA-2023:7861", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0798", "reference_id": "RHSA-2024:0798", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0799", "reference_id": "RHSA-2024:0799", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0800", "reference_id": "RHSA-2024:0800", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0801", "reference_id": "RHSA-2024:0801", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0804", "reference_id": "RHSA-2024:0804", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407", "reference_id": "show_bug.cgi?id=2251407", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30413?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xca5-697n-wkav" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/380138?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@23.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3" } ], "aliases": [ "CVE-2023-6291", "GHSA-mpwq-j3xf-7m5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfeg-6241-cucs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/127088?format=api", "vulnerability_id": "VCID-wrdw-sj1s-bqbd", "summary": "A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25128", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24911", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2511", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3910" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/39349", "reference_id": "39349", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/39349" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3910", "reference_id": "CVE-2025-3910", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3910" }, { "reference_url": "https://github.com/advisories/GHSA-5jfq-x6xp-7rw2", "reference_id": "GHSA-5jfq-x6xp-7rw2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5jfq-x6xp-7rw2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "RHSA-2025:4335", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "RHSA-2025:4336", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923", "reference_id": "show_bug.cgi?id=2361923", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376299?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-sa2j-p1w2-ebgj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "CVE-2025-3910", "GHSA-5jfq-x6xp-7rw2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wrdw-sj1s-bqbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73551?format=api", "vulnerability_id": "VCID-wsdh-ap2m-5uat", "summary": "A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14788", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14669", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1479", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4325" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47715", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47715" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4325", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4325" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4325", "reference_id": "CVE-2026-4325", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4325" }, { "reference_url": "https://github.com/advisories/GHSA-rx66-hj7g-28h7", "reference_id": "GHSA-rx66-hj7g-28h7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rx66-hj7g-28h7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6475", "reference_id": "RHSA-2026:6475", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6476", "reference_id": "RHSA-2026:6476", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "RHSA-2026:6477", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "RHSA-2026:6478", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448351", "reference_id": "show_bug.cgi?id=2448351", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448351" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373606?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-4325", "GHSA-rx66-hj7g-28h7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wsdh-ap2m-5uat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84785?format=api", "vulnerability_id": "VCID-wwh9-7awg-h7g6", "summary": "A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09265", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09211", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09264", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2575" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46372", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46372" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2575", "reference_id": "CVE-2026-2575", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2575" }, { "reference_url": "https://github.com/advisories/GHSA-xv6h-r36f-3gp5", "reference_id": "GHSA-xv6h-r36f-3gp5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv6h-r36f-3gp5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "RHSA-2026:3947", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "RHSA-2026:3948", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440149", "reference_id": "show_bug.cgi?id=2440149", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440149" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374710?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4" } ], "aliases": [ "CVE-2026-2575", "GHSA-xv6h-r36f-3gp5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwh9-7awg-h7g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197025?format=api", "vulnerability_id": "VCID-xg94-29ff-3bcy", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37324", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3712", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37299", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3424" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933320", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933320" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3424", "reference_id": "CVE-2021-3424", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3424" }, { "reference_url": "https://github.com/advisories/GHSA-pf38-cw3p-22q9", "reference_id": "GHSA-pf38-cw3p-22q9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf38-cw3p-22q9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2063", "reference_id": "RHSA-2021:2063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2064", "reference_id": "RHSA-2021:2064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2065", "reference_id": "RHSA-2021:2065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2070", "reference_id": "RHSA-2021:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2070" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20307?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0" } ], "aliases": [ "CVE-2021-3424", "GHSA-pf38-cw3p-22q9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xg94-29ff-3bcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/142615?format=api", "vulnerability_id": "VCID-xwcc-yenj-mfd3", "summary": "A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter \"prompt=login,\" prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting \"Restart login,\" an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6787.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6787.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69302", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69198", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.6929", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6787" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6787", "reference_id": "CVE-2023-6787", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6787" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6787", "reference_id": "CVE-2023-6787", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6787" }, { "reference_url": "https://github.com/advisories/GHSA-c9h6-v78w-52wj", "reference_id": "GHSA-c9h6-v78w-52wj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c9h6-v78w-52wj" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj", "reference_id": "GHSA-c9h6-v78w-52wj", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1867", "reference_id": "RHSA-2024:1867", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1868", "reference_id": "RHSA-2024:1868", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375", "reference_id": "show_bug.cgi?id=2254375", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30416?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/30414?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3" } ], "aliases": [ "CVE-2023-6787", "GHSA-c9h6-v78w-52wj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwcc-yenj-mfd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151134?format=api", "vulnerability_id": "VCID-ybqw-pak9-jkc4", "summary": "A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2422.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55855", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.5572", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55839", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2422" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5c6c55945a384bfd82e51283096204dcb6f63d91", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5c6c55945a384bfd82e51283096204dcb6f63d91" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-3qh5-qqj2-c78f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-3qh5-qqj2-c78f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2422", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2422" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2422", "reference_id": "CVE-2023-2422", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-2422" }, { "reference_url": "https://github.com/advisories/GHSA-3qh5-qqj2-c78f", "reference_id": "GHSA-3qh5-qqj2-c78f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3qh5-qqj2-c78f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3883", "reference_id": "RHSA-2023:3883", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3884", "reference_id": "RHSA-2023:3884", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3885", "reference_id": "RHSA-2023:3885", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3888", "reference_id": "RHSA-2023:3888", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3892", "reference_id": "RHSA-2023:3892", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3892" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191668", "reference_id": "show_bug.cgi?id=2191668", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191668" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381744?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@21.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2" } ], "aliases": [ "CVE-2023-2422", "GHSA-3qh5-qqj2-c78f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ybqw-pak9-jkc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47580?format=api", "vulnerability_id": "VCID-yy3c-aejz-1kdv", "summary": "A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63931", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63917", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63815", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4629" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4629", "reference_id": "CVE-2024-4629", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4629" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629", "reference_id": "CVE-2024-4629", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629" }, { "reference_url": "https://github.com/advisories/GHSA-gc7q-jgjv-vjr2", "reference_id": "GHSA-gc7q-jgjv-vjr2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc7q-jgjv-vjr2" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2", "reference_id": "GHSA-gc7q-jgjv-vjr2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6493", "reference_id": "RHSA-2024:6493", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6494", "reference_id": "RHSA-2024:6494", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6495", "reference_id": "RHSA-2024:6495", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6497", "reference_id": "RHSA-2024:6497", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6499", "reference_id": "RHSA-2024:6499", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6500", "reference_id": "RHSA-2024:6500", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6501", "reference_id": "RHSA-2024:6501", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6501" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761", "reference_id": "show_bug.cgi?id=2276761", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33301?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38vg-nb6g-3kg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/33303?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38vg-nb6g-3kg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33449?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.4" } ], "aliases": [ "CVE-2024-4629", "GHSA-gc7q-jgjv-vjr2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy3c-aejz-1kdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197256?format=api", "vulnerability_id": "VCID-z8cr-qt2v-rkgn", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.85144", "scoring_system": "epss", "scoring_elements": "0.99377", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.85144", "scoring_system": "epss", "scoring_elements": "0.99376", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.85144", "scoring_system": "epss", "scoring_elements": "0.99374", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27838" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906797", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906797" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7790", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7790" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27838", "reference_id": "CVE-2020-27838", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27838" }, { "reference_url": "https://github.com/advisories/GHSA-pcv5-m2wh-66j3", "reference_id": "GHSA-pcv5-m2wh-66j3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcv5-m2wh-66j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/478132?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0" } ], "aliases": [ "CVE-2020-27838", "GHSA-pcv5-m2wh-66j3" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8cr-qt2v-rkgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78803?format=api", "vulnerability_id": "VCID-zjcz-6z84-6ub3", "summary": "A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06784", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06775", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06793", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1190" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/45646", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/45646" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-1190", "reference_id": "CVE-2026-1190", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-1190" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190", "reference_id": "CVE-2026-1190", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190" }, { "reference_url": "https://github.com/advisories/GHSA-63v5-26vq-m4vm", "reference_id": "GHSA-63v5-26vq-m4vm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-63v5-26vq-m4vm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "RHSA-2026:3947", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "RHSA-2026:3948", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835", "reference_id": "show_bug.cgi?id=2430835", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39005?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3" } ], "aliases": [ "CVE-2026-1190", "GHSA-63v5-26vq-m4vm" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zjcz-6z84-6ub3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207726?format=api", "vulnerability_id": "VCID-ztxp-j5gt-4qdb", "summary": "Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49187", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4905", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49205", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1758" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-13285", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-13285" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514", "reference_id": "1812514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758", "reference_id": "CVE-2020-1758", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758" }, { "reference_url": "https://github.com/advisories/GHSA-c597-f74m-jgc2", "reference_id": "GHSA-c597-f74m-jgc2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c597-f74m-jgc2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2106", "reference_id": "RHSA-2020:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2107", "reference_id": "RHSA-2020:2107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2108", "reference_id": "RHSA-2020:2108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392341?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j4m-w46h-zkhq" }, { "vulnerability": "VCID-1mxe-pmc8-63aw" }, { "vulnerability": "VCID-1z6p-w7um-2kbf" }, { "vulnerability": "VCID-32db-rsf2-h7hm" }, { "vulnerability": "VCID-38vg-nb6g-3kg8" }, { "vulnerability": "VCID-39yc-g31q-u7gt" }, { "vulnerability": "VCID-3mcs-n479-zydu" }, { "vulnerability": "VCID-42w4-65kp-f7dy" }, { "vulnerability": "VCID-4b67-9tus-s7ds" }, { "vulnerability": "VCID-4taw-3r2y-eud6" }, { "vulnerability": "VCID-4uf3-t2q9-5fcp" }, { "vulnerability": "VCID-4y2p-6e9v-ufh7" }, { "vulnerability": "VCID-5cfv-kzxe-3qg4" }, { "vulnerability": "VCID-5gut-s9z6-u3gs" }, { "vulnerability": "VCID-6fwf-utem-8bgx" }, { "vulnerability": "VCID-6j4h-u22h-cubz" }, { "vulnerability": "VCID-6t42-926q-3bhd" }, { "vulnerability": "VCID-6vfq-3vub-zbdc" }, { "vulnerability": "VCID-76xj-44n8-gfa4" }, { "vulnerability": "VCID-7xus-anmm-9ba3" }, { "vulnerability": "VCID-82aq-wymj-ekby" }, { "vulnerability": "VCID-85r1-z7c6-6bcb" }, { "vulnerability": "VCID-8baa-m4rc-aqh5" }, { "vulnerability": "VCID-8fsf-kear-tyb2" }, { "vulnerability": "VCID-8ga9-uqff-rfdw" }, { "vulnerability": "VCID-a6bx-hkuu-zkg4" }, { "vulnerability": "VCID-any2-t2rb-f3bz" }, { "vulnerability": "VCID-b7ak-4hjc-xuhh" }, { "vulnerability": "VCID-b8bu-q83t-mqgu" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-cmpj-geab-aqc4" }, { "vulnerability": "VCID-czza-hz45-5ka6" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-ecc8-b6za-vqds" }, { "vulnerability": "VCID-ejyg-88gf-sfbh" }, { "vulnerability": "VCID-epvz-duxp-tyf7" }, { "vulnerability": "VCID-f2m5-cwr1-ryc1" }, { "vulnerability": "VCID-feud-rr2t-tyfx" }, { "vulnerability": "VCID-fmep-x7k1-37aj" }, { "vulnerability": "VCID-fv39-cmv1-53bs" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hx5h-m1z3-tfaj" }, { "vulnerability": "VCID-j73m-qf3g-dqdp" }, { "vulnerability": "VCID-kdwj-wspq-1ket" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mhqj-fy58-6fd6" }, { "vulnerability": "VCID-put6-zqp1-dkhj" }, { "vulnerability": "VCID-pvrr-mmx8-4kg6" }, { "vulnerability": "VCID-r4g2-4531-buaw" }, { "vulnerability": "VCID-rpxq-j9uk-2bek" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-sbyx-da8j-mqfx" }, { "vulnerability": "VCID-shne-12fw-xfbw" }, { "vulnerability": "VCID-szvd-anh6-sbeh" }, { "vulnerability": "VCID-tazu-5mqv-vfaq" }, { "vulnerability": "VCID-thtq-yz7t-7kea" }, { "vulnerability": "VCID-tjyr-75f3-d7ff" }, { "vulnerability": "VCID-tukn-mvay-tyb8" }, { "vulnerability": "VCID-tyy7-1dkf-uufg" }, { "vulnerability": "VCID-u1aa-s9ru-w3gf" }, { "vulnerability": "VCID-u2cc-wm39-4qax" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-uaxm-zx64-jbas" }, { "vulnerability": "VCID-udt9-gs91-8qgw" }, { "vulnerability": "VCID-ugt9-3hnt-jkea" }, { "vulnerability": "VCID-utd3-fu1x-augq" }, { "vulnerability": "VCID-uuj4-raj8-fqhp" }, { "vulnerability": "VCID-uuxm-2f48-3qa5" }, { "vulnerability": "VCID-vcjc-hgjb-dqhs" }, { "vulnerability": "VCID-vrhh-6fx6-zqbw" }, { "vulnerability": "VCID-vse8-rcsa-8bg9" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wrdw-sj1s-bqbd" }, { "vulnerability": "VCID-wsdh-ap2m-5uat" }, { "vulnerability": "VCID-wwh9-7awg-h7g6" }, { "vulnerability": "VCID-xg94-29ff-3bcy" }, { "vulnerability": "VCID-xwcc-yenj-mfd3" }, { "vulnerability": "VCID-ybqw-pak9-jkc4" }, { "vulnerability": "VCID-yy3c-aejz-1kdv" }, { "vulnerability": "VCID-z8cr-qt2v-rkgn" }, { "vulnerability": "VCID-zjcz-6z84-6ub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@10.0.0" } ], "aliases": [ "CVE-2020-1758", "GHSA-c597-f74m-jgc2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztxp-j5gt-4qdb" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@2.4.0.Final" }