Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-core@17.0.0
Typemaven
Namespaceorg.keycloak
Namekeycloak-core
Version17.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version26.1.3
Latest_non_vulnerable_version26.1.3
Affected_by_vulnerabilities
0
url VCID-2xyb-g3n4-n3ca
vulnerability_id VCID-2xyb-g3n4-n3ca
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1274
reference_id
reference_type
scores
0
value 0.00842
scoring_system epss
scoring_elements 0.74741
published_at 2026-04-13T12:55:00Z
1
value 0.00842
scoring_system epss
scoring_elements 0.7475
published_at 2026-04-12T12:55:00Z
2
value 0.00842
scoring_system epss
scoring_elements 0.74771
published_at 2026-04-11T12:55:00Z
3
value 0.00861
scoring_system epss
scoring_elements 0.75057
published_at 2026-04-09T12:55:00Z
4
value 0.00861
scoring_system epss
scoring_elements 0.75046
published_at 2026-04-08T12:55:00Z
5
value 0.00861
scoring_system epss
scoring_elements 0.75012
published_at 2026-04-07T12:55:00Z
6
value 0.00861
scoring_system epss
scoring_elements 0.75036
published_at 2026-04-04T12:55:00Z
7
value 0.00861
scoring_system epss
scoring_elements 0.75007
published_at 2026-04-02T12:55:00Z
8
value 0.00861
scoring_system epss
scoring_elements 0.75004
published_at 2026-04-01T12:55:00Z
9
value 0.00978
scoring_system epss
scoring_elements 0.76771
published_at 2026-04-18T12:55:00Z
10
value 0.00978
scoring_system epss
scoring_elements 0.76766
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1274
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2073157
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2073157
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
5
reference_url https://github.com/keycloak/keycloak/pull/16764
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/16764
6
reference_url https://herolab.usd.de/security-advisories/usd-2021-0033
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://herolab.usd.de/security-advisories/usd-2021-0033
7
reference_url https://herolab.usd.de/security-advisories/usd-2021-0033/
reference_id
reference_type
scores
url https://herolab.usd.de/security-advisories/usd-2021-0033/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1274
reference_id CVE-2022-1274
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1274
9
reference_url https://github.com/advisories/GHSA-m4fv-gm5m-4725
reference_id GHSA-m4fv-gm5m-4725
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4fv-gm5m-4725
10
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
reference_id GHSA-m4fv-gm5m-4725
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.5
purl pkg:maven/org.keycloak/keycloak-core@20.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49qw-j7rn-qfdf
1
vulnerability VCID-7xuf-btg3-ckf6
2
vulnerability VCID-e85z-cn66-fye8
3
vulnerability VCID-eaaa-ejr9-6ygx
4
vulnerability VCID-engr-q4ge-53dc
5
vulnerability VCID-epys-8p8v-zugv
6
vulnerability VCID-heqp-u355-wyaz
7
vulnerability VCID-kp25-fan9-jkd2
8
vulnerability VCID-nhe2-8dtq-gqbf
9
vulnerability VCID-yaxc-7za7-zbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.5
aliases CVE-2022-1274, GHSA-m4fv-gm5m-4725, GMS-2023-528
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xyb-g3n4-n3ca
1
url VCID-49qw-j7rn-qfdf
vulnerability_id VCID-49qw-j7rn-qfdf
summary 
Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xmmm-jw76-q7vg. This link is maintained to preserve external references.

# Original Description
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.
A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:6502
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6502
1
reference_url https://access.redhat.com/errata/RHSA-2024:6503
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:6503
2
reference_url https://access.redhat.com/security/cve/CVE-2024-7318
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2024-7318
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2301876
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2301876
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
6
reference_url https://github.com/advisories/GHSA-57rh-gr4v-j5f6
reference_id GHSA-57rh-gr4v-j5f6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57rh-gr4v-j5f6
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.7
purl pkg:maven/org.keycloak/keycloak-core@24.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7
1
url pkg:maven/org.keycloak/keycloak-core@25.0.0
purl pkg:maven/org.keycloak/keycloak-core@25.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eaaa-ejr9-6ygx
1
vulnerability VCID-heqp-u355-wyaz
2
vulnerability VCID-kp25-fan9-jkd2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.0
aliases GHSA-57rh-gr4v-j5f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49qw-j7rn-qfdf
2
url VCID-7j7q-m1zp-zfac
vulnerability_id VCID-7j7q-m1zp-zfac
summary 
Keycloak has lack of validation of access token on client registrations endpoint
When a service account with the create-client or manage-clients role can use the client-registration endpoints to create/manage clients with an access token.

If the access token is leaked, there is an option to revoke the specific token. However, the check is not performed in client-registration endpoints.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-0091
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:08:50Z/
url https://access.redhat.com/security/cve/CVE-2023-0091
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0091
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28303
published_at 2026-04-18T12:55:00Z
1
value 0.00104
scoring_system epss
scoring_elements 0.28511
published_at 2026-04-04T12:55:00Z
2
value 0.00104
scoring_system epss
scoring_elements 0.28302
published_at 2026-04-07T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.28367
published_at 2026-04-08T12:55:00Z
4
value 0.00104
scoring_system epss
scoring_elements 0.28411
published_at 2026-04-09T12:55:00Z
5
value 0.00104
scoring_system epss
scoring_elements 0.28414
published_at 2026-04-11T12:55:00Z
6
value 0.00104
scoring_system epss
scoring_elements 0.28371
published_at 2026-04-12T12:55:00Z
7
value 0.00104
scoring_system epss
scoring_elements 0.28313
published_at 2026-04-13T12:55:00Z
8
value 0.00104
scoring_system epss
scoring_elements 0.28325
published_at 2026-04-16T12:55:00Z
9
value 0.00104
scoring_system epss
scoring_elements 0.28469
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0091
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0091
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0091
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2158585
reference_id 2158585
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2158585
7
reference_url https://github.com/advisories/GHSA-v436-q368-hvgg
reference_id GHSA-v436-q368-hvgg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v436-q368-hvgg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.3
purl pkg:maven/org.keycloak/keycloak-core@20.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyb-g3n4-n3ca
1
vulnerability VCID-49qw-j7rn-qfdf
2
vulnerability VCID-7xuf-btg3-ckf6
3
vulnerability VCID-e85z-cn66-fye8
4
vulnerability VCID-eaaa-ejr9-6ygx
5
vulnerability VCID-engr-q4ge-53dc
6
vulnerability VCID-epys-8p8v-zugv
7
vulnerability VCID-heqp-u355-wyaz
8
vulnerability VCID-kp25-fan9-jkd2
9
vulnerability VCID-nhe2-8dtq-gqbf
10
vulnerability VCID-yaxc-7za7-zbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.3
aliases CVE-2023-0091, GHSA-v436-q368-hvgg, GMS-2023-37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7j7q-m1zp-zfac
3
url VCID-7xuf-btg3-ckf6
vulnerability_id VCID-7xuf-btg3-ckf6
summary 
Keycloak Denial of Service vulnerability
A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited, an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. The issue is fixed in Keycloak 24 with the introduction of the User Profile feature.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-6841
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/
url https://access.redhat.com/security/cve/CVE-2023-6841
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6841
reference_id
reference_type
scores
0
value 0.00613
scoring_system epss
scoring_elements 0.69851
published_at 2026-04-09T12:55:00Z
1
value 0.00613
scoring_system epss
scoring_elements 0.69859
published_at 2026-04-12T12:55:00Z
2
value 0.00613
scoring_system epss
scoring_elements 0.69845
published_at 2026-04-13T12:55:00Z
3
value 0.00613
scoring_system epss
scoring_elements 0.69796
published_at 2026-04-02T12:55:00Z
4
value 0.00613
scoring_system epss
scoring_elements 0.69874
published_at 2026-04-11T12:55:00Z
5
value 0.00613
scoring_system epss
scoring_elements 0.69788
published_at 2026-04-07T12:55:00Z
6
value 0.00613
scoring_system epss
scoring_elements 0.69811
published_at 2026-04-04T12:55:00Z
7
value 0.00613
scoring_system epss
scoring_elements 0.69896
published_at 2026-04-18T12:55:00Z
8
value 0.00613
scoring_system epss
scoring_elements 0.69887
published_at 2026-04-16T12:55:00Z
9
value 0.00613
scoring_system epss
scoring_elements 0.69836
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6841
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2254714
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2254714
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/issues/32837
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/32837
6
reference_url https://github.com/keycloak/keycloak/releases/tag/24.0.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/24.0.0
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6841
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6841
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:mobile_application_platform:4
reference_id cpe:/a:redhat:mobile_application_platform:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:mobile_application_platform:4
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
13
reference_url https://github.com/advisories/GHSA-w97f-w3hq-36g2
reference_id GHSA-w97f-w3hq-36g2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w97f-w3hq-36g2
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.0
purl pkg:maven/org.keycloak/keycloak-core@24.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49qw-j7rn-qfdf
1
vulnerability VCID-e85z-cn66-fye8
2
vulnerability VCID-eaaa-ejr9-6ygx
3
vulnerability VCID-heqp-u355-wyaz
4
vulnerability VCID-kp25-fan9-jkd2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.0
aliases CVE-2023-6841, GHSA-w97f-w3hq-36g2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7xuf-btg3-ckf6
4
url VCID-c8ps-95au-zbg5
vulnerability_id VCID-c8ps-95au-zbg5
summary 
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
### Summary

A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release (16.0.1). The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing of the groups' dropdown functionality. 

### Impact

Successful attacks of this vulnerability can result a privileged attacker to load a XSS script, and steal data from other users. The impact can be considered moderate to low, considering privileged credentials are required.

### References
- Please refer to the Keycloak Security mailing list for more information.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
2
reference_url https://github.com/advisories/GHSA-755v-r4x4-qf7m
reference_id GHSA-755v-r4x4-qf7m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-755v-r4x4-qf7m
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.0
purl pkg:maven/org.keycloak/keycloak-core@20.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyb-g3n4-n3ca
1
vulnerability VCID-49qw-j7rn-qfdf
2
vulnerability VCID-7j7q-m1zp-zfac
3
vulnerability VCID-7xuf-btg3-ckf6
4
vulnerability VCID-dxj3-8sk5-mfdy
5
vulnerability VCID-e85z-cn66-fye8
6
vulnerability VCID-eaaa-ejr9-6ygx
7
vulnerability VCID-engr-q4ge-53dc
8
vulnerability VCID-epys-8p8v-zugv
9
vulnerability VCID-heqp-u355-wyaz
10
vulnerability VCID-kp25-fan9-jkd2
11
vulnerability VCID-nhe2-8dtq-gqbf
12
vulnerability VCID-yaxc-7za7-zbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.0
aliases GHSA-755v-r4x4-qf7m, GMS-2022-7509
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8ps-95au-zbg5
5
url VCID-dxj3-8sk5-mfdy
vulnerability_id VCID-dxj3-8sk5-mfdy
summary 
Insufficient Session Expiration
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
references
0
reference_url https://access.redhat.com/errata/RHSA-2022:8961
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8961
1
reference_url https://access.redhat.com/errata/RHSA-2022:8962
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8962
2
reference_url https://access.redhat.com/errata/RHSA-2022:8963
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8963
3
reference_url https://access.redhat.com/errata/RHSA-2022:8964
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8964
4
reference_url https://access.redhat.com/errata/RHSA-2022:8965
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8965
5
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1043
6
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1044
7
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1045
8
reference_url https://access.redhat.com/errata/RHSA-2023:1047
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1047
9
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1049
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45477
published_at 2026-04-18T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45418
published_at 2026-04-02T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45438
published_at 2026-04-04T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45382
published_at 2026-04-07T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45437
published_at 2026-04-09T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.45458
published_at 2026-04-11T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45428
published_at 2026-04-12T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.4543
published_at 2026-04-13T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45481
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
13
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
20
reference_url https://access.redhat.com/security/cve/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/security/cve/CVE-2022-3916
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
22
reference_url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
23
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.2
purl pkg:maven/org.keycloak/keycloak-core@20.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyb-g3n4-n3ca
1
vulnerability VCID-49qw-j7rn-qfdf
2
vulnerability VCID-7j7q-m1zp-zfac
3
vulnerability VCID-7xuf-btg3-ckf6
4
vulnerability VCID-e85z-cn66-fye8
5
vulnerability VCID-eaaa-ejr9-6ygx
6
vulnerability VCID-engr-q4ge-53dc
7
vulnerability VCID-epys-8p8v-zugv
8
vulnerability VCID-heqp-u355-wyaz
9
vulnerability VCID-kp25-fan9-jkd2
10
vulnerability VCID-mavd-c8fd-dkhe
11
vulnerability VCID-nhe2-8dtq-gqbf
12
vulnerability VCID-yaxc-7za7-zbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.2
aliases CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxj3-8sk5-mfdy
6
url VCID-e85z-cn66-fye8
vulnerability_id VCID-e85z-cn66-fye8
summary 
Keycloak Open Redirect vulnerability
An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the `referrer` and `referrer_uri` parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.

Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the `redirect_uri` using URL encoding, to hide the text of the actual malicious website domain.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:6502
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://access.redhat.com/errata/RHSA-2024:6502
1
reference_url https://access.redhat.com/errata/RHSA-2024:6503
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://access.redhat.com/errata/RHSA-2024:6503
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7260.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7260.json
3
reference_url https://access.redhat.com/security/cve/CVE-2024-7260
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://access.redhat.com/security/cve/CVE-2024-7260
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7260
reference_id
reference_type
scores
0
value 0.00367
scoring_system epss
scoring_elements 0.58672
published_at 2026-04-18T12:55:00Z
1
value 0.00367
scoring_system epss
scoring_elements 0.58607
published_at 2026-04-02T12:55:00Z
2
value 0.00367
scoring_system epss
scoring_elements 0.58628
published_at 2026-04-04T12:55:00Z
3
value 0.00367
scoring_system epss
scoring_elements 0.58598
published_at 2026-04-07T12:55:00Z
4
value 0.00367
scoring_system epss
scoring_elements 0.58649
published_at 2026-04-08T12:55:00Z
5
value 0.00367
scoring_system epss
scoring_elements 0.58656
published_at 2026-04-09T12:55:00Z
6
value 0.00367
scoring_system epss
scoring_elements 0.58673
published_at 2026-04-11T12:55:00Z
7
value 0.00367
scoring_system epss
scoring_elements 0.58654
published_at 2026-04-12T12:55:00Z
8
value 0.00367
scoring_system epss
scoring_elements 0.58634
published_at 2026-04-13T12:55:00Z
9
value 0.00367
scoring_system epss
scoring_elements 0.58667
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7260
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2301875
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2301875
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7260
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7260
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
reference_id cpe:/a:redhat:build_keycloak:24
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
reference_id cpe:/a:redhat:build_keycloak:24::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
10
reference_url https://github.com/advisories/GHSA-g4gc-rh26-m3p5
reference_id GHSA-g4gc-rh26-m3p5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4gc-rh26-m3p5
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.7
purl pkg:maven/org.keycloak/keycloak-core@24.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7
1
url pkg:maven/org.keycloak/keycloak-core@25.0.0
purl pkg:maven/org.keycloak/keycloak-core@25.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eaaa-ejr9-6ygx
1
vulnerability VCID-heqp-u355-wyaz
2
vulnerability VCID-kp25-fan9-jkd2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.0
aliases CVE-2024-7260, GHSA-g4gc-rh26-m3p5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e85z-cn66-fye8
7
url VCID-eaaa-ejr9-6ygx
vulnerability_id VCID-eaaa-ejr9-6ygx
summary 
Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverity
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:6502
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://access.redhat.com/errata/RHSA-2024:6502
1
reference_url https://access.redhat.com/errata/RHSA-2024:6503
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://access.redhat.com/errata/RHSA-2024:6503
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7318.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7318.json
3
reference_url https://access.redhat.com/security/cve/CVE-2024-7318
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://access.redhat.com/security/cve/CVE-2024-7318
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7318
reference_id
reference_type
scores
0
value 0.0139
scoring_system epss
scoring_elements 0.80304
published_at 2026-04-02T12:55:00Z
1
value 0.0139
scoring_system epss
scoring_elements 0.8038
published_at 2026-04-18T12:55:00Z
2
value 0.0139
scoring_system epss
scoring_elements 0.80378
published_at 2026-04-16T12:55:00Z
3
value 0.0139
scoring_system epss
scoring_elements 0.80349
published_at 2026-04-13T12:55:00Z
4
value 0.0139
scoring_system epss
scoring_elements 0.80355
published_at 2026-04-12T12:55:00Z
5
value 0.0139
scoring_system epss
scoring_elements 0.8037
published_at 2026-04-11T12:55:00Z
6
value 0.0139
scoring_system epss
scoring_elements 0.80351
published_at 2026-04-09T12:55:00Z
7
value 0.0139
scoring_system epss
scoring_elements 0.8034
published_at 2026-04-08T12:55:00Z
8
value 0.0139
scoring_system epss
scoring_elements 0.80312
published_at 2026-04-07T12:55:00Z
9
value 0.0139
scoring_system epss
scoring_elements 0.80323
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7318
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2301876
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2301876
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-xmmm-jw76-q7vg
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-xmmm-jw76-q7vg
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
reference_id cpe:/a:redhat:build_keycloak:24
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
reference_id cpe:/a:redhat:build_keycloak:24::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
11
reference_url https://github.com/advisories/GHSA-xmmm-jw76-q7vg
reference_id GHSA-xmmm-jw76-q7vg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmmm-jw76-q7vg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.7
purl pkg:maven/org.keycloak/keycloak-core@24.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7
1
url pkg:maven/org.keycloak/keycloak-core@25.0.4
purl pkg:maven/org.keycloak/keycloak-core@25.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-heqp-u355-wyaz
1
vulnerability VCID-kp25-fan9-jkd2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.4
aliases CVE-2024-7318, GHSA-xmmm-jw76-q7vg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eaaa-ejr9-6ygx
8
url VCID-engr-q4ge-53dc
vulnerability_id VCID-engr-q4ge-53dc
summary 
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7854
1
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7855
2
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7856
3
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7857
4
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7858
5
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7860
6
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7861
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6134
reference_id
reference_type
scores
0
value 0.02468
scoring_system epss
scoring_elements 0.85284
published_at 2026-04-18T12:55:00Z
1
value 0.02468
scoring_system epss
scoring_elements 0.85203
published_at 2026-04-02T12:55:00Z
2
value 0.02468
scoring_system epss
scoring_elements 0.85221
published_at 2026-04-04T12:55:00Z
3
value 0.02468
scoring_system epss
scoring_elements 0.85224
published_at 2026-04-07T12:55:00Z
4
value 0.02468
scoring_system epss
scoring_elements 0.85246
published_at 2026-04-08T12:55:00Z
5
value 0.02468
scoring_system epss
scoring_elements 0.85254
published_at 2026-04-09T12:55:00Z
6
value 0.02468
scoring_system epss
scoring_elements 0.85268
published_at 2026-04-11T12:55:00Z
7
value 0.02468
scoring_system epss
scoring_elements 0.85266
published_at 2026-04-12T12:55:00Z
8
value 0.02468
scoring_system epss
scoring_elements 0.85263
published_at 2026-04-13T12:55:00Z
9
value 0.02468
scoring_system epss
scoring_elements 0.85283
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6134
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2249673
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2249673
10
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
11
reference_url https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20
12
reference_url https://access.redhat.com/security/cve/CVE-2023-6134
reference_id CVE-2023-6134
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-6134
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6134
reference_id CVE-2023-6134
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6134
14
reference_url https://github.com/advisories/GHSA-cvg2-7c3j-g36j
reference_id GHSA-cvg2-7c3j-g36j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cvg2-7c3j-g36j
15
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j
reference_id GHSA-cvg2-7c3j-g36j
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@23.0.0
purl pkg:maven/org.keycloak/keycloak-core@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49qw-j7rn-qfdf
1
vulnerability VCID-7xuf-btg3-ckf6
2
vulnerability VCID-e85z-cn66-fye8
3
vulnerability VCID-eaaa-ejr9-6ygx
4
vulnerability VCID-epys-8p8v-zugv
5
vulnerability VCID-heqp-u355-wyaz
6
vulnerability VCID-kp25-fan9-jkd2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0
aliases CVE-2023-6134, GHSA-cvg2-7c3j-g36j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-engr-q4ge-53dc
9
url VCID-epys-8p8v-zugv
vulnerability_id VCID-epys-8p8v-zugv
summary 
keycloak-core: open redirect via "form_post.jwt" JARM response mode
An incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". It is observed that changing the response_mode parameter in the original proof of concept from "form_post" to "form_post.jwt" can bypass the security patch implemented to address CVE-2023-6134.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:0094
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0094
1
reference_url https://access.redhat.com/errata/RHSA-2024:0095
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0095
2
reference_url https://access.redhat.com/errata/RHSA-2024:0096
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0096
3
reference_url https://access.redhat.com/errata/RHSA-2024:0097
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0097
4
reference_url https://access.redhat.com/errata/RHSA-2024:0098
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0098
5
reference_url https://access.redhat.com/errata/RHSA-2024:0100
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0100
6
reference_url https://access.redhat.com/errata/RHSA-2024:0101
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0101
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json
8
reference_url https://access.redhat.com/security/cve/CVE-2023-6927
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-6927
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6927
reference_id
reference_type
scores
0
value 0.00838
scoring_system epss
scoring_elements 0.74719
published_at 2026-04-18T12:55:00Z
1
value 0.00838
scoring_system epss
scoring_elements 0.74632
published_at 2026-04-02T12:55:00Z
2
value 0.00838
scoring_system epss
scoring_elements 0.74658
published_at 2026-04-04T12:55:00Z
3
value 0.00838
scoring_system epss
scoring_elements 0.74633
published_at 2026-04-07T12:55:00Z
4
value 0.00838
scoring_system epss
scoring_elements 0.74665
published_at 2026-04-08T12:55:00Z
5
value 0.00838
scoring_system epss
scoring_elements 0.74679
published_at 2026-04-09T12:55:00Z
6
value 0.00838
scoring_system epss
scoring_elements 0.74703
published_at 2026-04-11T12:55:00Z
7
value 0.00838
scoring_system epss
scoring_elements 0.74682
published_at 2026-04-12T12:55:00Z
8
value 0.00838
scoring_system epss
scoring_elements 0.74674
published_at 2026-04-13T12:55:00Z
9
value 0.00838
scoring_system epss
scoring_elements 0.74711
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6927
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2255027
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2255027
11
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
12
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6927
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6927
14
reference_url https://github.com/advisories/GHSA-3p75-q5cc-qmj7
reference_id GHSA-3p75-q5cc-qmj7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3p75-q5cc-qmj7
15
reference_url https://github.com/advisories/GHSA-9vm7-v8wj-3fqw
reference_id GHSA-9vm7-v8wj-3fqw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vm7-v8wj-3fqw
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@23.0.4
purl pkg:maven/org.keycloak/keycloak-core@23.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49qw-j7rn-qfdf
1
vulnerability VCID-7xuf-btg3-ckf6
2
vulnerability VCID-e85z-cn66-fye8
3
vulnerability VCID-eaaa-ejr9-6ygx
4
vulnerability VCID-heqp-u355-wyaz
5
vulnerability VCID-kp25-fan9-jkd2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.4
aliases CVE-2023-6927, GHSA-3p75-q5cc-qmj7, GHSA-9vm7-v8wj-3fqw, GMS-2024-51
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epys-8p8v-zugv
10
url VCID-fknh-1j7d-jyeq
vulnerability_id VCID-fknh-1j7d-jyeq
summary 
Improper authorization in Keycloak
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1466
reference_id
reference_type
scores
0
value 0.00158
scoring_system epss
scoring_elements 0.36609
published_at 2026-04-18T12:55:00Z
1
value 0.00158
scoring_system epss
scoring_elements 0.36626
published_at 2026-04-16T12:55:00Z
2
value 0.00158
scoring_system epss
scoring_elements 0.36692
published_at 2026-04-02T12:55:00Z
3
value 0.00158
scoring_system epss
scoring_elements 0.3652
published_at 2026-04-01T12:55:00Z
4
value 0.00158
scoring_system epss
scoring_elements 0.36723
published_at 2026-04-04T12:55:00Z
5
value 0.00158
scoring_system epss
scoring_elements 0.3658
published_at 2026-04-13T12:55:00Z
6
value 0.00158
scoring_system epss
scoring_elements 0.36604
published_at 2026-04-12T12:55:00Z
7
value 0.00158
scoring_system epss
scoring_elements 0.36638
published_at 2026-04-11T12:55:00Z
8
value 0.00158
scoring_system epss
scoring_elements 0.36632
published_at 2026-04-09T12:55:00Z
9
value 0.00158
scoring_system epss
scoring_elements 0.36613
published_at 2026-04-08T12:55:00Z
10
value 0.00158
scoring_system epss
scoring_elements 0.36561
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1466
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2050228
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2050228
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
5
reference_url https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1466
reference_id CVE-2022-1466
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1466
7
reference_url https://github.com/advisories/GHSA-f32v-vf79-p29q
reference_id GHSA-f32v-vf79-p29q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f32v-vf79-p29q
8
reference_url https://access.redhat.com/errata/RHSA-2022:0449
reference_id RHSA-2022:0449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0449
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@17.0.1
purl pkg:maven/org.keycloak/keycloak-core@17.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyb-g3n4-n3ca
1
vulnerability VCID-49qw-j7rn-qfdf
2
vulnerability VCID-7j7q-m1zp-zfac
3
vulnerability VCID-7xuf-btg3-ckf6
4
vulnerability VCID-c8ps-95au-zbg5
5
vulnerability VCID-dxj3-8sk5-mfdy
6
vulnerability VCID-e85z-cn66-fye8
7
vulnerability VCID-eaaa-ejr9-6ygx
8
vulnerability VCID-engr-q4ge-53dc
9
vulnerability VCID-epys-8p8v-zugv
10
vulnerability VCID-heqp-u355-wyaz
11
vulnerability VCID-kp25-fan9-jkd2
12
vulnerability VCID-nhe2-8dtq-gqbf
13
vulnerability VCID-yaxc-7za7-zbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@17.0.1
aliases CVE-2022-1466, GHSA-f32v-vf79-p29q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fknh-1j7d-jyeq
11
url VCID-heqp-u355-wyaz
vulnerability_id VCID-heqp-u355-wyaz
summary 
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json
1
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
2
reference_url https://github.com/keycloak/keycloak/issues/35217
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/35217
3
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319217
reference_id 2319217
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2319217
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10039
reference_id CVE-2024-10039
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-10039
6
reference_url https://github.com/advisories/GHSA-93ww-43rr-79v3
reference_id GHSA-93ww-43rr-79v3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93ww-43rr-79v3
7
reference_url https://access.redhat.com/errata/RHSA-2025:11645
reference_id RHSA-2025:11645
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11645
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@26.0.6
purl pkg:maven/org.keycloak/keycloak-core@26.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kp25-fan9-jkd2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@26.0.6
aliases CVE-2024-10039, GHSA-93ww-43rr-79v3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-heqp-u355-wyaz
12
url VCID-kp25-fan9-jkd2
vulnerability_id VCID-kp25-fan9-jkd2
summary 
Keycloak allows cross-site scripting (XSS)
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4028.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4028.json
1
reference_url https://access.redhat.com/security/cve/CVE-2024-4028
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T18:38:24Z/
url https://access.redhat.com/security/cve/CVE-2024-4028
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4028
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.29138
published_at 2026-04-12T12:55:00Z
1
value 0.00108
scoring_system epss
scoring_elements 0.29184
published_at 2026-04-11T12:55:00Z
2
value 0.00108
scoring_system epss
scoring_elements 0.29178
published_at 2026-04-09T12:55:00Z
3
value 0.00108
scoring_system epss
scoring_elements 0.2909
published_at 2026-04-18T12:55:00Z
4
value 0.00108
scoring_system epss
scoring_elements 0.29136
published_at 2026-04-08T12:55:00Z
5
value 0.00108
scoring_system epss
scoring_elements 0.29073
published_at 2026-04-07T12:55:00Z
6
value 0.00108
scoring_system epss
scoring_elements 0.29113
published_at 2026-04-16T12:55:00Z
7
value 0.00108
scoring_system epss
scoring_elements 0.29086
published_at 2026-04-13T12:55:00Z
8
value 0.0015
scoring_system epss
scoring_elements 0.3563
published_at 2026-04-02T12:55:00Z
9
value 0.0015
scoring_system epss
scoring_elements 0.35655
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4028
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2276418
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T18:38:24Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2276418
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4028
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-4028
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
8
reference_url https://github.com/advisories/GHSA-q4xq-445g-g6ch
reference_id GHSA-q4xq-445g-g6ch
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q4xq-445g-g6ch
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@26.1.3
purl pkg:maven/org.keycloak/keycloak-core@26.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@26.1.3
aliases CVE-2024-4028, GHSA-q4xq-445g-g6ch
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kp25-fan9-jkd2
13
url VCID-nhe2-8dtq-gqbf
vulnerability_id VCID-nhe2-8dtq-gqbf
summary 
URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7854
1
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7855
2
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7856
3
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7857
4
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7858
5
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7860
6
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7861
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39708
published_at 2026-04-18T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39721
published_at 2026-04-02T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39743
published_at 2026-04-04T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39661
published_at 2026-04-07T12:55:00Z
4
value 0.00181
scoring_system epss
scoring_elements 0.39715
published_at 2026-04-08T12:55:00Z
5
value 0.00181
scoring_system epss
scoring_elements 0.3973
published_at 2026-04-09T12:55:00Z
6
value 0.00181
scoring_system epss
scoring_elements 0.39739
published_at 2026-04-11T12:55:00Z
7
value 0.00181
scoring_system epss
scoring_elements 0.39703
published_at 2026-04-12T12:55:00Z
8
value 0.00181
scoring_system epss
scoring_elements 0.39687
published_at 2026-04-13T12:55:00Z
9
value 0.00181
scoring_system epss
scoring_elements 0.39737
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
10
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
11
reference_url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id cpe:/a:redhat:build_keycloak:22
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id cpe:/a:redhat:serverless:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
29
reference_url https://access.redhat.com/security/cve/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/security/cve/CVE-2023-6291
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
31
reference_url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
32
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@23.0.0
purl pkg:maven/org.keycloak/keycloak-core@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49qw-j7rn-qfdf
1
vulnerability VCID-7xuf-btg3-ckf6
2
vulnerability VCID-e85z-cn66-fye8
3
vulnerability VCID-eaaa-ejr9-6ygx
4
vulnerability VCID-epys-8p8v-zugv
5
vulnerability VCID-heqp-u355-wyaz
6
vulnerability VCID-kp25-fan9-jkd2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0
aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe2-8dtq-gqbf
14
url VCID-yaxc-7za7-zbbe
vulnerability_id VCID-yaxc-7za7-zbbe
summary 
Keycloak vulnerable to untrusted certificate validation
A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1664
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48738
published_at 2026-04-13T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48731
published_at 2026-04-12T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.48739
published_at 2026-04-09T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.48783
published_at 2026-04-18T12:55:00Z
4
value 0.00254
scoring_system epss
scoring_elements 0.48787
published_at 2026-04-16T12:55:00Z
5
value 0.00254
scoring_system epss
scoring_elements 0.48756
published_at 2026-04-11T12:55:00Z
6
value 0.00254
scoring_system epss
scoring_elements 0.48709
published_at 2026-04-02T12:55:00Z
7
value 0.00254
scoring_system epss
scoring_elements 0.48734
published_at 2026-04-04T12:55:00Z
8
value 0.00254
scoring_system epss
scoring_elements 0.48688
published_at 2026-04-07T12:55:00Z
9
value 0.00254
scoring_system epss
scoring_elements 0.48742
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1664
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T21:33:57Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182196
reference_id 2182196
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182196
6
reference_url https://access.redhat.com/security/cve/CVE-2023-1664
reference_id CVE-2023-1664
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-1664
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1664
reference_id CVE-2023-1664
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1664
8
reference_url https://github.com/advisories/GHSA-5cc8-pgp5-7mpm
reference_id GHSA-5cc8-pgp5-7mpm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5cc8-pgp5-7mpm
9
reference_url https://github.com/advisories/GHSA-c892-cwq6-qrqf
reference_id GHSA-c892-cwq6-qrqf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c892-cwq6-qrqf
10
reference_url https://access.redhat.com/errata/RHSA-2023:5491
reference_id RHSA-2023:5491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5491
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@21.1.2
purl pkg:maven/org.keycloak/keycloak-core@21.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49qw-j7rn-qfdf
1
vulnerability VCID-7xuf-btg3-ckf6
2
vulnerability VCID-e85z-cn66-fye8
3
vulnerability VCID-eaaa-ejr9-6ygx
4
vulnerability VCID-engr-q4ge-53dc
5
vulnerability VCID-epys-8p8v-zugv
6
vulnerability VCID-heqp-u355-wyaz
7
vulnerability VCID-kp25-fan9-jkd2
8
vulnerability VCID-nhe2-8dtq-gqbf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@21.1.2
aliases CVE-2023-1664, GHSA-5cc8-pgp5-7mpm, GHSA-c892-cwq6-qrqf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yaxc-7za7-zbbe
Fixing_vulnerabilities
0
url VCID-3bcu-tbpy-gfg6
vulnerability_id VCID-3bcu-tbpy-gfg6
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20323
reference_id
reference_type
scores
0
value 0.66054
scoring_system epss
scoring_elements 0.9852
published_at 2026-04-18T12:55:00Z
1
value 0.66054
scoring_system epss
scoring_elements 0.98504
published_at 2026-04-02T12:55:00Z
2
value 0.66054
scoring_system epss
scoring_elements 0.98506
published_at 2026-04-07T12:55:00Z
3
value 0.66054
scoring_system epss
scoring_elements 0.98509
published_at 2026-04-08T12:55:00Z
4
value 0.66054
scoring_system epss
scoring_elements 0.98511
published_at 2026-04-09T12:55:00Z
5
value 0.66054
scoring_system epss
scoring_elements 0.98514
published_at 2026-04-13T12:55:00Z
6
value 0.66054
scoring_system epss
scoring_elements 0.98513
published_at 2026-04-12T12:55:00Z
7
value 0.66054
scoring_system epss
scoring_elements 0.98519
published_at 2026-04-16T12:55:00Z
8
value 0.66054
scoring_system epss
scoring_elements 0.98502
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20323
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2013577
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2013577
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20323
reference_id CVE-2021-20323
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20323
5
reference_url https://github.com/advisories/GHSA-xpgc-j48j-jwv9
reference_id GHSA-xpgc-j48j-jwv9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpgc-j48j-jwv9
6
reference_url https://access.redhat.com/errata/RHSA-2022:0407
reference_id RHSA-2022:0407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0407
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@17.0.0
purl pkg:maven/org.keycloak/keycloak-core@17.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xyb-g3n4-n3ca
1
vulnerability VCID-49qw-j7rn-qfdf
2
vulnerability VCID-7j7q-m1zp-zfac
3
vulnerability VCID-7xuf-btg3-ckf6
4
vulnerability VCID-c8ps-95au-zbg5
5
vulnerability VCID-dxj3-8sk5-mfdy
6
vulnerability VCID-e85z-cn66-fye8
7
vulnerability VCID-eaaa-ejr9-6ygx
8
vulnerability VCID-engr-q4ge-53dc
9
vulnerability VCID-epys-8p8v-zugv
10
vulnerability VCID-fknh-1j7d-jyeq
11
vulnerability VCID-heqp-u355-wyaz
12
vulnerability VCID-kp25-fan9-jkd2
13
vulnerability VCID-nhe2-8dtq-gqbf
14
vulnerability VCID-yaxc-7za7-zbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@17.0.0
aliases CVE-2021-20323, GHSA-xpgc-j48j-jwv9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3bcu-tbpy-gfg6
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@17.0.0