Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/509302?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/509302?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.2.0.Final", "type": "maven", "namespace": "org.keycloak", "name": "keycloak-parent", "version": "3.2.0.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207729?format=api", "vulnerability_id": "VCID-18mj-nf1g-eudw", "summary": "Allocation of Resources Without Limits or Throttling in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67645", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67734", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10758" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758", "reference_id": "CVE-2020-10758", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758" }, { "reference_url": "https://github.com/advisories/GHSA-52rg-hpwq-qp56", "reference_id": "GHSA-52rg-hpwq-qp56", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52rg-hpwq-qp56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3495", "reference_id": "RHSA-2020:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3496", "reference_id": "RHSA-2020:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3497", "reference_id": "RHSA-2020:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3501", "reference_id": "RHSA-2020:3501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3539", "reference_id": "RHSA-2020:3539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/19012?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@11.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@11.0.1" } ], "aliases": [ "CVE-2020-10758", "GHSA-52rg-hpwq-qp56" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18mj-nf1g-eudw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343205?format=api", "vulnerability_id": "VCID-3rur-12kv-m7hb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6493", "published_at": 
"2026-06-11T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6503", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3637" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3637", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3637" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979638", "reference_id": "1979638", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979638" }, { "reference_url": "https://github.com/advisories/GHSA-2vp8-jv5v-6qh6", "reference_id": "GHSA-2vp8-jv5v-6qh6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2vp8-jv5v-6qh6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20004?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@14.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0" } ], "aliases": [ "CVE-2021-3637", "GHSA-2vp8-jv5v-6qh6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3rur-12kv-m7hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197023?format=api", "vulnerability_id": "VCID-4whe-byzu-uber", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43473", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43316", "published_at": 
"2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3827" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007512", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007512" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3827", "reference_id": "CVE-2021-3827", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3827" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-3827", "reference_id": "CVE-2021-3827", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3827" }, { "reference_url": "https://github.com/advisories/GHSA-4pc7-vqv5-5r3v", "reference_id": "GHSA-4pc7-vqv5-5r3v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4pc7-vqv5-5r3v" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v", "reference_id": "GHSA-4pc7-vqv5-5r3v", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0151", "reference_id": "RHSA-2022:0151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0152", "reference_id": "RHSA-2022:0152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0155", "reference_id": "RHSA-2022:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0164", "reference_id": "RHSA-2022:0164", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2022:0164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20347?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0" } ], "aliases": [ "CVE-2021-3827", "GHSA-4pc7-vqv5-5r3v", "GMS-2022-1098" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4whe-byzu-uber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81491?format=api", "vulnerability_id": "VCID-84mv-ug5g-a3h9", "summary": "A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the \"Bearer\" authentication scheme. 
It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06726", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06705", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0707" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/49433", "reference_id": "49433", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/" } ], "url": "https://github.com/keycloak/keycloak/issues/49433" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", 
"reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-0707", "reference_id": "CVE-2026-0707", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-0707" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707", "reference_id": "CVE-2026-0707", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707" }, { "reference_url": "https://github.com/advisories/GHSA-gv94-wp4h-vv8p", "reference_id": "GHSA-gv94-wp4h-vv8p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gv94-wp4h-vv8p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "RHSA-2026:3947", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "RHSA-2026:3948", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427768", "reference_id": "show_bug.cgi?id=2427768", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427768" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/562888?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@26.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.1" } ], "aliases": [ "CVE-2026-0707", "GHSA-gv94-wp4h-vv8p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84mv-ug5g-a3h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210093?format=api", "vulnerability_id": "VCID-8bsa-q81m-kqb4", "summary": "Keycloak Reflected XSS", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65747", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65638", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65736", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12158" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1489161", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161" }, { "reference_url": "https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158", "reference_id": "CVE-2017-12158", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158" }, { "reference_url": "https://github.com/advisories/GHSA-v38p-mqq3-m6v5", "reference_id": "GHSA-v38p-mqq3-m6v5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v38p-mqq3-m6v5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22046?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/509307?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-ktfu-j9gz-p7d1" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-pasa-fk1x-dkdz" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-v9s6-g89x-akbd" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" }, { "vulnerability": "VCID-zneb-4cqe-kyaj" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final" } ], "aliases": [ "CVE-2017-12158", "GHSA-v38p-mqq3-m6v5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bsa-q81m-kqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174865?format=api", "vulnerability_id": "VCID-c2nr-hks8-4qg1", "summary": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. 
This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45714", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45567", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3916" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", 
"reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-3916", "reference_id": "CVE-2022-3916", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "reference_url": "https://github.com/advisories/GHSA-97g8-xfvw-q4hg", "reference_id": "GHSA-97g8-xfvw-q4hg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97g8-xfvw-q4hg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8961", "reference_id": "RHSA-2022:8961", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8961" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2022:8962", "reference_id": "RHSA-2022:8962", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8963", "reference_id": "RHSA-2022:8963", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8964", "reference_id": "RHSA-2022:8964", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8965", "reference_id": "RHSA-2022:8965", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "RHSA-2023:1043", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "RHSA-2023:1044", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "RHSA-2023:1045", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "RHSA-2023:1047", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "RHSA-2023:1049", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", "reference_id": "show_bug.cgi?id=2141404", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383900?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@20.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2" } ], "aliases": [ "CVE-2022-3916", "GHSA-97g8-xfvw-q4hg", "GMS-2022-8406" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2nr-hks8-4qg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197027?format=api", "vulnerability_id": "VCID-cbrs-98sn-mqfq", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29757", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29954", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1725" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-16550", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-16550" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", 
"scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1725", "reference_id": "CVE-2020-1725", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1725" }, { "reference_url": "https://github.com/advisories/GHSA-p225-pc2x-4jpm", "reference_id": "GHSA-p225-pc2x-4jpm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p225-pc2x-4jpm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19016?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0" } ], "aliases": [ "CVE-2020-1725", "GHSA-p225-pc2x-4jpm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbrs-98sn-mqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209885?format=api", "vulnerability_id": "VCID-e3c5-n2b5-fyca", "summary": "Keycloak Oauth 
Implementation Error", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.69208", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.69104", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": 
"0.69196", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160", "reference_id": "CVE-2017-12160", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160" }, { "reference_url": "https://github.com/advisories/GHSA-qc72-gfvw-76h7", "reference_id": "GHSA-qc72-gfvw-76h7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qc72-gfvw-76h7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21743?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-8bsa-q81m-kqb4" 
}, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-e3c5-n2b5-fyca" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-ktfu-j9gz-p7d1" }, { "vulnerability": "VCID-kx1h-zypy-53ed" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-pasa-fk1x-dkdz" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-v9s6-g89x-akbd" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" }, { "vulnerability": "VCID-zneb-4cqe-kyaj" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/509306?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-8bsa-q81m-kqb4" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-ktfu-j9gz-p7d1" }, { "vulnerability": "VCID-kx1h-zypy-53ed" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-pasa-fk1x-dkdz" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { 
"vulnerability": "VCID-v9s6-g89x-akbd" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" }, { "vulnerability": "VCID-zneb-4cqe-kyaj" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1" } ], "aliases": [ "CVE-2017-12160", "GHSA-qc72-gfvw-76h7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3c5-n2b5-fyca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207732?format=api", "vulnerability_id": "VCID-h6ky-xtx2-augv", "summary": "Cross-site Scripting in keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50841", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50973", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428" }, { "reference_url": 
"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10776", "reference_id": "CVE-2020-10776", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10776" }, { "reference_url": "https://github.com/advisories/GHSA-484q-784p-8m5h", "reference_id": "GHSA-484q-784p-8m5h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-484q-784p-8m5h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4929", "reference_id": "RHSA-2020:4929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4930", "reference_id": "RHSA-2020:4930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4931", "reference_id": "RHSA-2020:4931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4932", "reference_id": "RHSA-2020:4932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4932" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/19013?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0" } ], "aliases": [ "CVE-2020-10776", "GHSA-484q-784p-8m5h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6ky-xtx2-augv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207734?format=api", "vulnerability_id": "VCID-hvwy-pv1y-sqeg", "summary": "Improper Authentication for Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59035", "published_at": 
"2026-06-11T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.59147", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1718" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756", "reference_id": "1796756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718", "reference_id": "CVE-2020-1718", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718" }, { "reference_url": "https://github.com/advisories/GHSA-j229-2h63-rvh9", "reference_id": "GHSA-j229-2h63-rvh9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j229-2h63-rvh9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2106", "reference_id": "RHSA-2020:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2107", "reference_id": "RHSA-2020:2107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2108", 
"reference_id": "RHSA-2020:2108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2252", "reference_id": "RHSA-2020:2252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3196", "reference_id": "RHSA-2020:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3197", "reference_id": "RHSA-2020:3197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3197" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19018?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-v9s6-g89x-akbd" }, 
{ "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0" } ], "aliases": [ "CVE-2020-1718", "GHSA-j229-2h63-rvh9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvwy-pv1y-sqeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211403?format=api", "vulnerability_id": "VCID-kj39-hw6e-3ugc", "summary": "Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75882", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75811", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2256" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "reference_url": "https://github.com/keycloak/keycloak", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "reference_id": "CVE-2022-2256", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "reference_url": "https://github.com/advisories/GHSA-w9mf-83w3-fv49", "reference_id": "GHSA-w9mf-83w3-fv49", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9mf-83w3-fv49" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "reference_id": "GHSA-w9mf-83w3-fv49", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6782", "reference_id": "RHSA-2022:6782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6783", "reference_id": "RHSA-2022:6783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6787", "reference_id": "RHSA-2022:6787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27030?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@19.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2" } ], "aliases": [ "CVE-2022-2256", "GHSA-w9mf-83w3-fv49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kj39-hw6e-3ugc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210028?format=api", "vulnerability_id": "VCID-ktfu-j9gz-p7d1", "summary": "Keycloak vulnerable to cross-site scripting via the state parameter", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3592", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://access.redhat.com/errata/RHSA-2018:3592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3593", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3595", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3595" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44931", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44765", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44916", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14655" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396", "reference_id": "1625396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655", "reference_id": "CVE-2018-14655", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655" }, { "reference_url": "https://github.com/advisories/GHSA-458h-wv48-fq75", "reference_id": "GHSA-458h-wv48-fq75", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-458h-wv48-fq75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/509311?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { 
"vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-pasa-fk1x-dkdz" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-v9s6-g89x-akbd" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" }, { "vulnerability": "VCID-zneb-4cqe-kyaj" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3" }, { "url": "http://public2.vulnerablecode.io/api/packages/509316?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-v9s6-g89x-akbd" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" }, { "vulnerability": "VCID-zneb-4cqe-kyaj" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final" } ], "aliases": [ "CVE-2018-14655", "GHSA-458h-wv48-fq75" ], "risk_score": 3.1, 
"exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktfu-j9gz-p7d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30638?format=api", "vulnerability_id": "VCID-kx1h-zypy-53ed", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00312", "scoring_system": "epss", 
"scoring_elements": "0.54917", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54776", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.549", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239" }, { "reference_url": "https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159", "reference_id": "CVE-2017-12159", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159" }, { "reference_url": "https://github.com/advisories/GHSA-7fmw-85qm-h22p", "reference_id": 
"GHSA-7fmw-85qm-h22p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fmw-85qm-h22p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22046?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/509307?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-ktfu-j9gz-p7d1" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-pasa-fk1x-dkdz" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-v9s6-g89x-akbd" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" }, { "vulnerability": "VCID-zneb-4cqe-kyaj" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final" } ], "aliases": [ "CVE-2017-12159", "GHSA-7fmw-85qm-h22p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-kx1h-zypy-53ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197253?format=api", "vulnerability_id": "VCID-kyss-1ab7-77ef", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42315", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4215", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7976", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7976" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3513", "reference_id": "CVE-2021-3513", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3513" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3513", "reference_id": "CVE-2021-3513", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3513" }, { "reference_url": "https://github.com/advisories/GHSA-xv7h-95r7-595j", "reference_id": "GHSA-xv7h-95r7-595j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv7h-95r7-595j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", 
"reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19016?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0" } ], "aliases": [ "CVE-2021-3513", "GHSA-xv7h-95r7-595j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kyss-1ab7-77ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207728?format=api", "vulnerability_id": "VCID-mapz-gvsn-2qhj", "summary": "Cross-site Scripting in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.58125", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.58239", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10748" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836786", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836786" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10748", "reference_id": "CVE-2020-10748", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10748" }, { "reference_url": "https://github.com/advisories/GHSA-hgpg-593r-hhvp", "reference_id": "GHSA-hgpg-593r-hhvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgpg-593r-hhvp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19011?format=api", "purl": 
"pkg:maven/org.keycloak/keycloak-parent@10.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.2" } ], "aliases": [ "CVE-2020-10748", "GHSA-hgpg-593r-hhvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mapz-gvsn-2qhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197030?format=api", "vulnerability_id": "VCID-p3em-yab1-6bbk", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49561", "published_at": 
"2026-06-11T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49698", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14359" }, { "reference_url": "https://github.com/keycloak/keycloak-gatekeeper", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak-gatekeeper" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/12934", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/12934" }, { "reference_url": "https://issues.jboss.org/browse/KEYCLOAK-14090", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/KEYCLOAK-14090" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14359", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14359" }, { "reference_url": "https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868591", "reference_id": "1868591", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868591" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://github.com/advisories/GHSA-jh6m-3pqw-242h", "reference_id": "GHSA-jh6m-3pqw-242h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jh6m-3pqw-242h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19016?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0" } ], "aliases": [ "CVE-2020-14359", "GHSA-jh6m-3pqw-242h" ], 
"risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p3em-yab1-6bbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209468?format=api", "vulnerability_id": "VCID-pasa-fk1x-dkdz", "summary": "Keycloak Improper Bruteforce Detection", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3592", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3593", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3595", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3595" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14657", "reference_id": "", "reference_type": "", "scores": [ 
{ "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57695", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57563", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57679", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14657" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625404", "reference_id": "1625404", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625404" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14657", "reference_id": "CVE-2018-14657", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14657" }, { "reference_url": "https://github.com/advisories/GHSA-85v8-vx4w-q684", "reference_id": "GHSA-85v8-vx4w-q684", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": 
"cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-85v8-vx4w-q684" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/509316?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-v9s6-g89x-akbd" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" }, { "vulnerability": "VCID-zneb-4cqe-kyaj" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/21335?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-hvwy-pv1y-sqeg" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { 
"vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-v9s6-g89x-akbd" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" }, { "vulnerability": "VCID-zneb-4cqe-kyaj" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final" } ], "aliases": [ "CVE-2018-14657", "GHSA-85v8-vx4w-q684" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pasa-fk1x-dkdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197705?format=api", "vulnerability_id": "VCID-rvcz-9csv-gfb4", "summary": "directory traversal", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14366", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60091", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60198", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14366" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869764", "reference_id": "1869764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869764" }, { "reference_url": "https://security.archlinux.org/AVG-1471", "reference_id": "AVG-1471", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1471" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14366", "reference_id": "CVE-2020-14366", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14366" }, { "reference_url": "https://github.com/advisories/GHSA-cp67-8w3w-6h9c", "reference_id": "GHSA-cp67-8w3w-6h9c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cp67-8w3w-6h9c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4931", "reference_id": "RHSA-2020:4931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4931" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19013?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": 
"VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0" } ], "aliases": [ "CVE-2020-14366", "GHSA-cp67-8w3w-6h9c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvcz-9csv-gfb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197024?format=api", "vulnerability_id": "VCID-u9df-phf1-83gr", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66537", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66629", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/8203", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/8203" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-18500", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-18500" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3632", 
"reference_id": "CVE-2021-3632", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3632" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3632", "reference_id": "CVE-2021-3632", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3632" }, { "reference_url": "https://github.com/advisories/GHSA-qpq9-jpv4-6gwr", "reference_id": "GHSA-qpq9-jpv4-6gwr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qpq9-jpv4-6gwr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/533815?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@15.1.0", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-4twr-q814-p7as" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@15.1.0" } ], "aliases": [ "CVE-2021-3632", "GHSA-qpq9-jpv4-6gwr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9df-phf1-83gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207730?format=api", "vulnerability_id": "VCID-v9s6-g89x-akbd", "summary": "Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51281", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51412", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1694" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790759", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790759" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1694", "reference_id": "CVE-2020-1694", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1694" }, { "reference_url": "https://github.com/advisories/GHSA-72j4-94rx-cr6w", "reference_id": "GHSA-72j4-94rx-cr6w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-72j4-94rx-cr6w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19009?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": 
"VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0" } ], "aliases": [ "CVE-2020-1694", "GHSA-72j4-94rx-cr6w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9s6-g89x-akbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211402?format=api", "vulnerability_id": "VCID-we56-zj4r-eqdw", "summary": "Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65261", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.6516", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2668" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "reference_url": 
"https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-2668", "reference_id": "CVE-2022-2668", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "reference_id": "CVE-2022-2668", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "reference_url": "https://github.com/advisories/GHSA-wf7g-7h6h-678v", "reference_id": "GHSA-wf7g-7h6h-678v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wf7g-7h6h-678v" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", 
"reference_id": "GHSA-wf7g-7h6h-678v", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6782", "reference_id": "RHSA-2022:6782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6783", "reference_id": "RHSA-2022:6783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6787", "reference_id": "RHSA-2022:6787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7409", "reference_id": "RHSA-2022:7409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7410", "reference_id": "RHSA-2022:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7411", "reference_id": "RHSA-2022:7411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7417", "reference_id": "RHSA-2022:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27030?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@19.0.2", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2" } ], "aliases": [ "CVE-2022-2668", "GHSA-wf7g-7h6h-678v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-we56-zj4r-eqdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/142637?format=api", "vulnerability_id": "VCID-wfeg-6241-cucs", "summary": "A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39499", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3967", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6291" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1", "reference_id": "cpe:/a:redhat:serverless:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6291", "reference_id": "CVE-2023-6291", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6291" }, { "reference_url": "https://github.com/advisories/GHSA-mpwq-j3xf-7m5w", "reference_id": "GHSA-mpwq-j3xf-7m5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mpwq-j3xf-7m5w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7854", "reference_id": "RHSA-2023:7854", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7855", "reference_id": "RHSA-2023:7855", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7856", "reference_id": "RHSA-2023:7856", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7857", "reference_id": "RHSA-2023:7857", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7858", "reference_id": "RHSA-2023:7858", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7860", "reference_id": "RHSA-2023:7860", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7861", "reference_id": "RHSA-2023:7861", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0798", "reference_id": "RHSA-2024:0798", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0799", "reference_id": "RHSA-2024:0799", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0800", "reference_id": "RHSA-2024:0800", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0801", "reference_id": "RHSA-2024:0801", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0804", "reference_id": "RHSA-2024:0804", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407", "reference_id": "show_bug.cgi?id=2251407", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394986?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@23.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": 
"VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@23.0.0" } ], "aliases": [ "CVE-2023-6291", "GHSA-mpwq-j3xf-7m5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfeg-6241-cucs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78879?format=api", "vulnerability_id": "VCID-wsxe-rr25-efbc", "summary": "A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1518", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02144", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02141", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1518" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", 
"reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-1518", "reference_id": "CVE-2026-1518", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-1518" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1518", "reference_id": "CVE-2026-1518", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1518" }, { "reference_url": "https://github.com/advisories/GHSA-fwhw-chw4-gh37", "reference_id": "GHSA-fwhw-chw4-gh37", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fwhw-chw4-gh37" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433727", "reference_id": "show_bug.cgi?id=2433727", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433727" } ], "fixed_packages": [ { 
"url": "http://public2.vulnerablecode.io/api/packages/562889?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@26.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nw7d-d5r1-kua8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.3" } ], "aliases": [ "CVE-2026-1518", "GHSA-fwhw-chw4-gh37" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wsxe-rr25-efbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197029?format=api", "vulnerability_id": "VCID-zneb-4cqe-kyaj", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1717", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39865", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40035", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1717" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796281", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796281" }, { "reference_url": "https://issues.jboss.org/browse/KEYCLOAK-12014", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/KEYCLOAK-12014" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1717", "reference_id": "CVE-2020-1717", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1717" }, { "reference_url": "https://github.com/advisories/GHSA-rvfc-g8j5-9ccf", "reference_id": "GHSA-rvfc-g8j5-9ccf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rvfc-g8j5-9ccf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19018?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { 
"vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-v9s6-g89x-akbd" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" }, { "vulnerability": "VCID-ztxp-j5gt-4qdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0" } ], "aliases": [ "CVE-2020-1717", "GHSA-rvfc-g8j5-9ccf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zneb-4cqe-kyaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207726?format=api", "vulnerability_id": "VCID-ztxp-j5gt-4qdb", "summary": "Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49187", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4905", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1758" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-13285", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-13285" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514", "reference_id": "1812514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758", "reference_id": "CVE-2020-1758", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758" }, { "reference_url": "https://github.com/advisories/GHSA-c597-f74m-jgc2", "reference_id": "GHSA-c597-f74m-jgc2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c597-f74m-jgc2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2106", "reference_id": "RHSA-2020:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2107", "reference_id": "RHSA-2020:2107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2108", "reference_id": "RHSA-2020:2108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19009?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18mj-nf1g-eudw" }, { "vulnerability": "VCID-3rur-12kv-m7hb" }, { "vulnerability": "VCID-4whe-byzu-uber" }, { "vulnerability": "VCID-7xs3-dzkt-tfgq" }, { "vulnerability": "VCID-84mv-ug5g-a3h9" }, { "vulnerability": "VCID-c2nr-hks8-4qg1" }, { "vulnerability": "VCID-cbrs-98sn-mqfq" }, { "vulnerability": "VCID-db3z-zawx-kuc4" }, { "vulnerability": "VCID-h6ky-xtx2-augv" }, { "vulnerability": "VCID-kj39-hw6e-3ugc" }, { "vulnerability": "VCID-kyss-1ab7-77ef" }, { "vulnerability": "VCID-mapz-gvsn-2qhj" }, { "vulnerability": "VCID-nw7d-d5r1-kua8" }, { "vulnerability": "VCID-p3em-yab1-6bbk" }, { "vulnerability": "VCID-rvcz-9csv-gfb4" }, { "vulnerability": "VCID-u9df-phf1-83gr" }, { "vulnerability": "VCID-we56-zj4r-eqdw" }, { "vulnerability": "VCID-wfeg-6241-cucs" }, { "vulnerability": "VCID-wsxe-rr25-efbc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0" } ], "aliases": [ "CVE-2020-1758", "GHSA-c597-f74m-jgc2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztxp-j5gt-4qdb" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.2.0.Final" }