Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/47696?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/47696?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.4", "type": "maven", "namespace": "org.keycloak", "name": "keycloak-services", "version": "25.0.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28750?format=api", "vulnerability_id": "VCID-2dgp-xdrz-q7dv", "summary": "Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15336", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15337", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15338", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15339", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15339" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-8419", "reference_id": "CVE-2025-8419", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-8419" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419", "reference_id": "CVE-2025-8419", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419" }, { "reference_url": "https://github.com/advisories/GHSA-qj5r-2r5p-phc7", "reference_id": "GHSA-qj5r-2r5p-phc7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qj5r-2r5p-phc7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63861?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3" } ], "aliases": [ "GHSA-qj5r-2r5p-phc7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dgp-xdrz-q7dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29765?format=api", "vulnerability_id": "VCID-5f8r-n4mm-y3g6", "summary": "Keycloak phishing attack via email verification step in first login flow\nThere is a flaw with the first login flow where, during a IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to \"review profile\" information, which allows the the attacker to modify their email address to that of a victim's account. This triggers a verification email sent to the victim's email address. If the victim clicks the verification link, the attacker can gain access to the victim's account. While not a zero-interaction attack, the attacker's email address is not directly present in the verification email content, making it a potential phishing opportunity. \n\nThis issue has been fixed in versions 26.0.13, 26.2.6, and 26.3.0.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11986", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11986" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11987", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12015", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12016", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12016" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7365" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02484", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02498", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03399", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03357", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03312", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03291", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03267", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03277", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03362", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03382", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03341", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7365" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/40446", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/40446" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/40520", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/40520" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.0.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.0.13" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.2.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.2.6" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://github.com/advisories/GHSA-xhpr-465j-7p9q", "reference_id": "GHSA-xhpr-465j-7p9q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xhpr-465j-7p9q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70508?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/756332?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-bhrr-nn9f-7udu" }, { "vulnerability": "VCID-by72-dvnw-m3gu" }, { "vulnerability": "VCID-cdsa-wmby-ebbq" }, { "vulnerability": "VCID-d2rd-6u56-yfd8" }, { "vulnerability": "VCID-e4ub-v4ef-affb" }, { "vulnerability": "VCID-edwz-rqc3-fqa2" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/70509?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/63858?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-8vzz-naas-a7ab" }, { "vulnerability": "VCID-epcy-krft-z7d4" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-jsvn-26y8-q3ey" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-tc9b-zzjt-63c7" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "CVE-2025-7365", "GHSA-xhpr-465j-7p9q" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5f8r-n4mm-y3g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20361?format=api", "vulnerability_id": "VCID-5vwq-aqk5-nkh9", "summary": "Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods\nA flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-1190", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-1190" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03614", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04608", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04549", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0454", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04564", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0458", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04597", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04543", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04557", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04592", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05153", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1190" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/45646", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/45646" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-63v5-26vq-m4vm", "reference_id": "GHSA-63v5-26vq-m4vm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-63v5-26vq-m4vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62643?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3" } ], "aliases": [ "CVE-2026-1190", "GHSA-63v5-26vq-m4vm" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vwq-aqk5-nkh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21994?format=api", "vulnerability_id": "VCID-5zh4-963a-q3gp", "summary": "Keycloak vulnerable to session takeovers due to reuse of session identifiers\nA flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21370", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21371", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22088", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22089", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22089" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0135", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03162", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03106", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03093", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03069", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03057", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03033", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03043", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12390" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406793", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406793" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80" }, { "reference_url": "https://github.com/keycloak/keycloak/discussions/31265", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/discussions/31265" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/32197", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/32197" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/43853", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/43853" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-12390", "reference_id": "CVE-2025-12390", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-12390" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12390", "reference_id": "CVE-2025-12390", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12390" }, { "reference_url": "https://github.com/advisories/GHSA-rg35-5v25-mqvp", "reference_id": "GHSA-rg35-5v25-mqvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg35-5v25-mqvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64592?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-bhrr-nn9f-7udu" }, { "vulnerability": "VCID-by72-dvnw-m3gu" }, { "vulnerability": "VCID-cdsa-wmby-ebbq" }, { "vulnerability": "VCID-d2rd-6u56-yfd8" }, { "vulnerability": "VCID-e4ub-v4ef-affb" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-pjgz-fa5h-tkfh" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-vstv-ec14-quc5" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0" } ], "aliases": [ "CVE-2025-12390", "GHSA-rg35-5v25-mqvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5zh4-963a-q3gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13396?format=api", "vulnerability_id": "VCID-6hy1-r23s-cbhy", "summary": "Duplicate Advisory: Keycloak Open Redirect vulnerability\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-w8gr-xwp4-r9f7. This link is maintained to preserve external references.\n\n# Original Description\nA misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10385", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10386", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6878", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6879", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6880", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6882", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6886", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6887", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6888", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6889", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6890", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8823", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8824", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8826", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8826" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8883", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8883" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883" }, { "reference_url": "https://github.com/advisories/GHSA-vvf8-2h68-9475", "reference_id": "GHSA-vvf8-2h68-9475", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vvf8-2h68-9475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42661?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-5zh4-963a-q3gp" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-bhrr-nn9f-7udu" }, { "vulnerability": "VCID-by72-dvnw-m3gu" }, { "vulnerability": "VCID-cdsa-wmby-ebbq" }, { "vulnerability": "VCID-d2rd-6u56-yfd8" }, { "vulnerability": "VCID-e4ub-v4ef-affb" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-pjgz-fa5h-tkfh" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-vstv-ec14-quc5" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6" } ], "aliases": [ "GHSA-vvf8-2h68-9475" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hy1-r23s-cbhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24604?format=api", "vulnerability_id": "VCID-7c1j-kcbb-v3f1", "summary": "Keycloak: Information disclosure of disabled user attributes via administrative endpoint\nA flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3911", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3911" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01414", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01407", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01402", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01254", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01408", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01413", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01857", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01788", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01786", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01775", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01773", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3911" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446392", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446392" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46922", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46922" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/46923", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/46923" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3911", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3911" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://github.com/advisories/GHSA-xh32-c9wx-phrp", "reference_id": "GHSA-xh32-c9wx-phrp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xh32-c9wx-phrp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68053?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a5d9-k9vd-fyfe" }, { "vulnerability": "VCID-mdkf-3bgs-w7dm" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-ugtk-3bjv-s3a4" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6" } ], "aliases": [ "CVE-2026-3911", "GHSA-xh32-c9wx-phrp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7c1j-kcbb-v3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25425?format=api", "vulnerability_id": "VCID-bhrr-nn9f-7udu", "summary": "Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3910", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3910" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910" }, { "reference_url": "https://github.com/advisories/GHSA-fx44-2wx5-5fvp", "reference_id": "GHSA-fx44-2wx5-5fvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fx44-2wx5-5fvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68509?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-9f1k-z7z2-d7cc" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "GHSA-fx44-2wx5-5fvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhrr-nn9f-7udu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29220?format=api", "vulnerability_id": "VCID-by72-dvnw-m3gu", "summary": "Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache\nA flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-2559", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-2559" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.2946", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29508", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.2961", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29612", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29567", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29514", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29533", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29505", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29637", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29687", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2559" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353868", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353868" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2559", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2559" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-2935-2wfm-hhpv", "reference_id": "GHSA-2935-2wfm-hhpv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2935-2wfm-hhpv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/756334?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-bhrr-nn9f-7udu" }, { "vulnerability": "VCID-cdsa-wmby-ebbq" }, { "vulnerability": "VCID-d2rd-6u56-yfd8" }, { "vulnerability": "VCID-e4ub-v4ef-affb" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.5" } ], "aliases": [ "CVE-2025-2559", "GHSA-2935-2wfm-hhpv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-by72-dvnw-m3gu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25290?format=api", "vulnerability_id": "VCID-cdsa-wmby-ebbq", "summary": "Duplicate Advisory: Keycloak hostname verification\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8672", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8690", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8690" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3501", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3501" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501" }, { "reference_url": "https://github.com/advisories/GHSA-r934-w73g-v4p8", "reference_id": "GHSA-r934-w73g-v4p8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r934-w73g-v4p8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68509?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-9f1k-z7z2-d7cc" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "GHSA-r934-w73g-v4p8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdsa-wmby-ebbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25494?format=api", "vulnerability_id": "VCID-d2rd-6u56-yfd8", "summary": "Keycloak vulnerable to two factor authentication bypass\n# Description\nA flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3910", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3910" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22124", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22292", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22336", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22204", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22258", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22277", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22175", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22169", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3910" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/39349", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/39349" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3910" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://github.com/advisories/GHSA-5jfq-x6xp-7rw2", "reference_id": "GHSA-5jfq-x6xp-7rw2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5jfq-x6xp-7rw2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68509?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-9f1k-z7z2-d7cc" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "CVE-2025-3910", "GHSA-5jfq-x6xp-7rw2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d2rd-6u56-yfd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11895?format=api", "vulnerability_id": "VCID-d6ku-ys87-cqh4", "summary": "Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect\nA misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10385", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10386", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6878", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6879", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6880", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6882", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6886", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6887", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6888", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6889", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6890", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8823", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8824", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8826", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8826" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8883", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8883" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.89848", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.89801", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.89815", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.89819", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.89836", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.89843", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.89849", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.89847", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.8984", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.89854", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05107", "scoring_system": "epss", "scoring_elements": "0.89855", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8883" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/" } ], "url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8883" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://github.com/advisories/GHSA-w8gr-xwp4-r9f7", "reference_id": "GHSA-w8gr-xwp4-r9f7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w8gr-xwp4-r9f7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42661?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-5zh4-963a-q3gp" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-bhrr-nn9f-7udu" }, { "vulnerability": "VCID-by72-dvnw-m3gu" }, { "vulnerability": "VCID-cdsa-wmby-ebbq" }, { "vulnerability": "VCID-d2rd-6u56-yfd8" }, { "vulnerability": "VCID-e4ub-v4ef-affb" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-pjgz-fa5h-tkfh" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-vstv-ec14-quc5" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6" } ], "aliases": [ "CVE-2024-8883", "GHSA-w8gr-xwp4-r9f7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6ku-ys87-cqh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25446?format=api", "vulnerability_id": "VCID-e4ub-v4ef-affb", "summary": "Keycloak hostname verification\nA flaw was found in Keycloak. By setting a verification policy to 'ANY', the trust store certificate verification is skipped, which is unintended.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4335", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4336", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4336" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3501", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3501" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25849", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26058", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26099", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25867", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25936", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25988", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25998", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25954", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25895", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25898", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25879", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3501" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358834" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/39350", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/39350" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/39366", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/" } ], "url": "https://github.com/keycloak/keycloak/pull/39366" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3501" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-hw58-3793-42gg", "reference_id": "GHSA-hw58-3793-42gg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hw58-3793-42gg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68509?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-9f1k-z7z2-d7cc" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2" } ], "aliases": [ "CVE-2025-3501", "GHSA-hw58-3793-42gg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ub-v4ef-affb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11775?format=api", "vulnerability_id": "VCID-ezqk-pyhr-5ffj", "summary": "Keycloak has session fixation in Elytron SAML adapters\nA session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6493", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6494", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6495", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6497", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6499", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6500", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6501", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6502", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6503", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6503" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7341", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7341" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01738", "scoring_system": "epss", "scoring_elements": "0.82471", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01738", "scoring_system": "epss", "scoring_elements": "0.8243", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01738", "scoring_system": "epss", "scoring_elements": "0.82448", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01738", "scoring_system": "epss", "scoring_elements": "0.82444", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01738", "scoring_system": "epss", "scoring_elements": "0.82478", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01738", "scoring_system": "epss", "scoring_elements": "0.82496", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01738", "scoring_system": "epss", "scoring_elements": "0.82492", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01738", "scoring_system": "epss", "scoring_elements": "0.82487", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01738", "scoring_system": "epss", "scoring_elements": "0.82524", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01738", "scoring_system": "epss", "scoring_elements": "0.82525", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02246", "scoring_system": "epss", "scoring_elements": "0.84596", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7341" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7341", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7341" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://github.com/advisories/GHSA-5rxp-2rhr-qwqv", "reference_id": "GHSA-5rxp-2rhr-qwqv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5rxp-2rhr-qwqv" }, { "reference_url": "https://github.com/advisories/GHSA-j76j-rqwj-jmvv", "reference_id": "GHSA-j76j-rqwj-jmvv", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/" } ], "url": "https://github.com/advisories/GHSA-j76j-rqwj-jmvv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42271?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-5zh4-963a-q3gp" }, { "vulnerability": "VCID-6hy1-r23s-cbhy" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-bhrr-nn9f-7udu" }, { "vulnerability": "VCID-by72-dvnw-m3gu" }, { "vulnerability": "VCID-cdsa-wmby-ebbq" }, { "vulnerability": "VCID-d2rd-6u56-yfd8" }, { "vulnerability": "VCID-d6ku-ys87-cqh4" }, { "vulnerability": "VCID-e4ub-v4ef-affb" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-pjgz-fa5h-tkfh" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-vstv-ec14-quc5" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.5" } ], "aliases": [ "CVE-2024-7341", "GHSA-5rxp-2rhr-qwqv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezqk-pyhr-5ffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21430?format=api", "vulnerability_id": "VCID-gnxr-2t9g-4ye4", "summary": "Keycloak SMTP Inject Vulnerability\nSpecial characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15336", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15338", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15339", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15339" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05423", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05458", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05415", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05384", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05478", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06059", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0595", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05941", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05932", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05897", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05908", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-8419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2385776" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0", "reference_id": "cpe:/a:redhat:build_keycloak:26.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2", "reference_id": "cpe:/a:redhat:build_keycloak:26.2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-8419", "reference_id": "CVE-2025-8419", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-8419" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419", "reference_id": "CVE-2025-8419", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8419" }, { "reference_url": "https://github.com/advisories/GHSA-m4j5-5x4r-2xp9", "reference_id": "GHSA-m4j5-5x4r-2xp9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4j5-5x4r-2xp9" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9", "reference_id": "GHSA-m4j5-5x4r-2xp9", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63859?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/63861?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3" } ], "aliases": [ "CVE-2025-8419", "GHSA-m4j5-5x4r-2xp9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnxr-2t9g-4ye4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24709?format=api", "vulnerability_id": "VCID-gzz6-md9v-b3em", "summary": "Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator\nA security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3009" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07718", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07686", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09121", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0909", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09076", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.08971", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09009", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0895", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09103", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0912", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09089", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3009" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46911", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46911" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.5.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.5.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-m297-3jv9-m927", "reference_id": "GHSA-m297-3jv9-m927", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m297-3jv9-m927" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67983?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-c1zj-whnw-1qf6" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-tc9b-zzjt-63c7" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5" } ], "aliases": [ "CVE-2026-3009", "GHSA-m297-3jv9-m927" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzz6-md9v-b3em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20891?format=api", "vulnerability_id": "VCID-m3uj-4mag-kbf2", "summary": "Keycloak: Missing Check on Disabled Client for Docker Registry Protocol\nA flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2733", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2733" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12763", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12873", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12924", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12727", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12807", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12857", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12823", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12787", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12741", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12643", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12651", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2733" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440895", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440895" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46462", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46462" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-fjf4-6f34-w64q", "reference_id": "GHSA-fjf4-6f34-w64q", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fjf4-6f34-w64q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66186?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4" } ], "aliases": [ "CVE-2026-2733", "GHSA-fjf4-6f34-w64q" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3uj-4mag-kbf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29770?format=api", "vulnerability_id": "VCID-mku9-3bpp-aqbk", "summary": "Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12015", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12016", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12016" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7784", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7784" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381861", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381861" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/41137", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/41137" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/41168", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/41168" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7784", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7784" }, { "reference_url": "https://github.com/advisories/GHSA-83j7-mhw9-388w", "reference_id": "GHSA-83j7-mhw9-388w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-83j7-mhw9-388w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/570711?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2" } ], "aliases": [ "GHSA-83j7-mhw9-388w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mku9-3bpp-aqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29845?format=api", "vulnerability_id": "VCID-nxhc-rp71-hbdk", "summary": "Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11986", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11986" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11987", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12015", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12015" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12016", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12016" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7365" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378852" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/40446", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/40446" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/40520", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/40520" }, { "reference_url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/releases/tag/26.3.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7365" }, { "reference_url": "https://github.com/advisories/GHSA-gj52-35xm-gxjh", "reference_id": "GHSA-gj52-35xm-gxjh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj52-35xm-gxjh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63858?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-8vzz-naas-a7ab" }, { "vulnerability": "VCID-epcy-krft-z7d4" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-jsvn-26y8-q3ey" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-tc9b-zzjt-63c7" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "GHSA-gj52-35xm-gxjh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxhc-rp71-hbdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17557?format=api", "vulnerability_id": "VCID-pjgz-fa5h-tkfh", "summary": "org.keycloak:keycloak-services has Inefficient Regular Expression Complexity\nA vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10175", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10176", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10177", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10178", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10178" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-10270", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-10270" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25064", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25053", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25107", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25148", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25133", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25056", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25028", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37311", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37216", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37165", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37337", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-10270" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321214", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321214" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24", "reference_id": "cpe:/a:redhat:build_keycloak:24", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9", "reference_id": "cpe:/a:redhat:build_keycloak:24::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26", "reference_id": "cpe:/a:redhat:build_keycloak:26", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-wq8x-cg39-8mrr", "reference_id": "GHSA-wq8x-cg39-8mrr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq8x-cg39-8mrr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57134?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-bhrr-nn9f-7udu" }, { "vulnerability": "VCID-by72-dvnw-m3gu" }, { "vulnerability": "VCID-cdsa-wmby-ebbq" }, { "vulnerability": "VCID-d2rd-6u56-yfd8" }, { "vulnerability": "VCID-e4ub-v4ef-affb" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6" } ], "aliases": [ "CVE-2024-10270", "GHSA-wq8x-cg39-8mrr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjgz-fa5h-tkfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25023?format=api", "vulnerability_id": "VCID-qgbq-s33g-d7af", "summary": "Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API\nA flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3429", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3429" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16588", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16673", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16727", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16706", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16989", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19015", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19091", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19038", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.18994", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19006", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3429" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443771", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443771" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/47069", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/47069" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3429", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3429" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-8g9r-9wjw-37j4", "reference_id": "GHSA-8g9r-9wjw-37j4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8g9r-9wjw-37j4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994303?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cf37-8d6y-r3d5" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7" } ], "aliases": [ "CVE-2026-3429", "GHSA-8g9r-9wjw-37j4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qgbq-s33g-d7af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21942?format=api", "vulnerability_id": "VCID-uuf2-u7xh-uuef", "summary": "Keycloak does not invalidate offline sessions when the offline_access scope is removed\nA flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21370", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21371", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22088", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22089", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22089" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17457", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17639", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17685", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17403", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17495", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17556", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17569", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17522", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17469", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17411", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17422", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12110" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406033", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406033" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/43790", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://github.com/keycloak/keycloak/pull/43790" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-12110", "reference_id": "CVE-2025-12110", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-12110" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12110", "reference_id": "CVE-2025-12110", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12110" }, { "reference_url": "https://github.com/advisories/GHSA-895x-rfqp-jh5c", "reference_id": "GHSA-895x-rfqp-jh5c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-895x-rfqp-jh5c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64519?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-9f1k-z7z2-d7cc" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3" } ], "aliases": [ "CVE-2025-12110", "GHSA-895x-rfqp-jh5c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uuf2-u7xh-uuef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20510?format=api", "vulnerability_id": "VCID-ver5-9t6m-c3ef", "summary": "Keycloak Admin REST API exposes backend schema and rules\nA flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-14083", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-14083" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01682", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10165", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10894", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10994", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10819", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10947", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1077", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10758", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10893", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10915", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10948", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14083" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419086", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419086" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/45493", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/45493" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14083", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14083" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-594w-2fwp-jwrc", "reference_id": "GHSA-594w-2fwp-jwrc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-594w-2fwp-jwrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63858?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-8vzz-naas-a7ab" }, { "vulnerability": "VCID-epcy-krft-z7d4" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-jsvn-26y8-q3ey" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-tc9b-zzjt-63c7" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "CVE-2025-14083", "GHSA-594w-2fwp-jwrc" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ver5-9t6m-c3ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17283?format=api", "vulnerability_id": "VCID-vstv-ec14-quc5", "summary": "Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10175", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10176", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10176" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10177", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10178", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:10178" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-10270", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-10270" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321214", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321214" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10270" }, { "reference_url": "https://github.com/advisories/GHSA-j3x3-r585-4qhg", "reference_id": "GHSA-j3x3-r585-4qhg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3x3-r585-4qhg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57134?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-bhrr-nn9f-7udu" }, { "vulnerability": "VCID-by72-dvnw-m3gu" }, { "vulnerability": "VCID-cdsa-wmby-ebbq" }, { "vulnerability": "VCID-d2rd-6u56-yfd8" }, { "vulnerability": "VCID-e4ub-v4ef-affb" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6" } ], "aliases": [ "GHSA-j3x3-r585-4qhg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vstv-ec14-quc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20419?format=api", "vulnerability_id": "VCID-w5f1-xryr-fucq", "summary": "Keycloak does not validate and update refresh token usage atomically\nA flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-1035", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-1035" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01295", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01204", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01219", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01228", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01234", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01237", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01214", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01209", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01222", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430314", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430314" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/45647", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/45647" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1035", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1035" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-m2w5-7xhv-w6fh", "reference_id": "GHSA-m2w5-7xhv-w6fh", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m2w5-7xhv-w6fh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63858?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-8vzz-naas-a7ab" }, { "vulnerability": "VCID-epcy-krft-z7d4" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-jsvn-26y8-q3ey" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-tc9b-zzjt-63c7" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0" } ], "aliases": [ "CVE-2026-1035", "GHSA-m2w5-7xhv-w6fh" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5f1-xryr-fucq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21394?format=api", "vulnerability_id": "VCID-x4aw-v76q-vbdc", "summary": "Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass\nA flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21370", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21371", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21371" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22088", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22089", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:22089" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-12150", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-12150" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01613", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01604", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01627", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01619", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01591", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01605", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01695", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01603", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-12150" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/35110", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/35110" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/43723", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/43723" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12150", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12150" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-7g5x-9c4v-4w5r", "reference_id": "GHSA-7g5x-9c4v-4w5r", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g5x-9c4v-4w5r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63794?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4" } ], "aliases": [ "CVE-2025-12150", "GHSA-7g5x-9c4v-4w5r" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4aw-v76q-vbdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23328?format=api", "vulnerability_id": "VCID-xd7x-aevv-cfcp", "summary": "Keycloak: Denial of Service due to excessive SAMLRequest decompression\nA flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2575" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08543", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08537", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08393", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08523", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08449", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08531", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08517", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08475", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08376", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08501", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13136", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2575" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440149", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440149" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46372", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46372" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-xv6h-r36f-3gp5", "reference_id": "GHSA-xv6h-r36f-3gp5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv6h-r36f-3gp5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66186?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4" } ], "aliases": [ "CVE-2026-2575", "GHSA-xv6h-r36f-3gp5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xd7x-aevv-cfcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23854?format=api", "vulnerability_id": "VCID-xfnw-15sz-zyfr", "summary": "Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions\nA flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6477", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6478", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6478" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01382", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01613", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01605", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01607", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01604", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02187", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02131", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02116", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02087", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.021", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14082" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419078", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419078" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-14082", "reference_id": "CVE-2025-14082", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-14082" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14082", "reference_id": "CVE-2025-14082", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14082" }, { "reference_url": "https://github.com/advisories/GHSA-6q37-7866-h27j", "reference_id": "GHSA-6q37-7866-h27j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6q37-7866-h27j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66886?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-8vzz-naas-a7ab" }, { "vulnerability": "VCID-a5d9-k9vd-fyfe" }, { "vulnerability": "VCID-baux-3v7g-tucw" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-j5bq-q689-qbg3" }, { "vulnerability": "VCID-jsvn-26y8-q3ey" }, { "vulnerability": "VCID-khfk-1gas-vfan" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-tc9b-zzjt-63c7" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0" } ], "aliases": [ "CVE-2025-14082", "GHSA-6q37-7866-h27j" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xfnw-15sz-zyfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25142?format=api", "vulnerability_id": "VCID-y1h3-yyn9-53fr", "summary": "Keycloak: Unauthorized authentication via disabled SAML Identity Provider\nA flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3925", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3926", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2603", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2603" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2603", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.3858", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38518", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38495", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38444", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38556", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.4543", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45482", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45478", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4948", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2603" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/46911", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/46911" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/46932", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/46932" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://github.com/advisories/GHSA-x4p7-7chp-64hq", "reference_id": "GHSA-x4p7-7chp-64hq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4p7-7chp-64hq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066759?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@26.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdkf-3bgs-w7dm" }, { "vulnerability": "VCID-ugtk-3bjv-s3a4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0" } ], "aliases": [ "CVE-2026-2603", "GHSA-x4p7-7chp-64hq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y1h3-yyn9-53fr" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13359?format=api", "vulnerability_id": "VCID-ysyw-rgyv-bkhj", "summary": "Keycloak Services has a potential bypass of brute force protection\nIf an attacker launches many login attempts in parallel then the attacker can have more guesses at a password than the brute force protection configuration permits. This is due to the brute force check occurring before the brute force protector has locked the user.\n\n**Acknowledgements:**\nSpecial thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6493", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6494", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6495", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6497", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6499", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6500", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6501", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6501" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-4629", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-4629" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00444", "scoring_system": "epss", "scoring_elements": "0.63405", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.77975", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.78009", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.77973", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.77991", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.77923", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.77951", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.77933", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.7796", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.77964", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.78008", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4629" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://github.com/advisories/GHSA-gc7q-jgjv-vjr2", "reference_id": "GHSA-gc7q-jgjv-vjr2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc7q-jgjv-vjr2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42265?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@22.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d6ku-ys87-cqh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/42268?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@24.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d6ku-ys87-cqh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/47696?format=api", "purl": "pkg:maven/org.keycloak/keycloak-services@25.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dgp-xdrz-q7dv" }, { "vulnerability": "VCID-5f8r-n4mm-y3g6" }, { "vulnerability": "VCID-5vwq-aqk5-nkh9" }, { "vulnerability": "VCID-5zh4-963a-q3gp" }, { "vulnerability": "VCID-6hy1-r23s-cbhy" }, { "vulnerability": "VCID-7c1j-kcbb-v3f1" }, { "vulnerability": "VCID-bhrr-nn9f-7udu" }, { "vulnerability": "VCID-by72-dvnw-m3gu" }, { "vulnerability": "VCID-cdsa-wmby-ebbq" }, { "vulnerability": "VCID-d2rd-6u56-yfd8" }, { "vulnerability": "VCID-d6ku-ys87-cqh4" }, { "vulnerability": "VCID-e4ub-v4ef-affb" }, { "vulnerability": "VCID-ezqk-pyhr-5ffj" }, { "vulnerability": "VCID-gnxr-2t9g-4ye4" }, { "vulnerability": "VCID-gzz6-md9v-b3em" }, { "vulnerability": "VCID-m3uj-4mag-kbf2" }, { "vulnerability": "VCID-mku9-3bpp-aqbk" }, { "vulnerability": "VCID-nxhc-rp71-hbdk" }, { "vulnerability": "VCID-pjgz-fa5h-tkfh" }, { "vulnerability": "VCID-qgbq-s33g-d7af" }, { "vulnerability": "VCID-uuf2-u7xh-uuef" }, { "vulnerability": "VCID-ver5-9t6m-c3ef" }, { "vulnerability": "VCID-vstv-ec14-quc5" }, { "vulnerability": "VCID-w5f1-xryr-fucq" }, { "vulnerability": "VCID-x4aw-v76q-vbdc" }, { "vulnerability": "VCID-xd7x-aevv-cfcp" }, { "vulnerability": "VCID-xfnw-15sz-zyfr" }, { "vulnerability": "VCID-y1h3-yyn9-53fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.4" } ], "aliases": [ "CVE-2024-4629", "GHSA-gc7q-jgjv-vjr2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysyw-rgyv-bkhj" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.4" }