Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/keycloak-connect@4.4.0
Typenpm
Namespace
Namekeycloak-connect
Version4.4.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-13dn-ke8h-67ez
vulnerability_id VCID-13dn-ke8h-67ez
summary 
Insufficient Session Expiration
A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged-in, to see the personal information of a previously logged-out user in the account manager section.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1724
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33277
published_at 2026-06-05T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.33175
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1724
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1800527
reference_id 1800527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1800527
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1724
reference_id CVE-2020-1724
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1724
6
reference_url https://access.redhat.com/errata/RHSA-2020:2106
reference_id RHSA-2020:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2106
7
reference_url https://access.redhat.com/errata/RHSA-2020:2107
reference_id RHSA-2020:2107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2107
8
reference_url https://access.redhat.com/errata/RHSA-2020:2108
reference_id RHSA-2020:2108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2108
9
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
10
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
11
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
fixed_packages
0
url pkg:npm/keycloak-connect@9.0.2
purl pkg:npm/keycloak-connect@9.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-38u7-pvx6-ayb4
2
vulnerability VCID-3ajr-7d59-8ycu
3
vulnerability VCID-6gee-p7fr-1yhy
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-dc8s-fqv5-1uhk
10
vulnerability VCID-e5va-tex4-5yea
11
vulnerability VCID-jm25-gtrc-zuhh
12
vulnerability VCID-k6ct-rgvj-t3an
13
vulnerability VCID-wgzd-wv2e-pyhy
14
vulnerability VCID-wt2c-cyu2-kbgm
15
vulnerability VCID-xbkp-kjgd-fqcx
16
vulnerability VCID-xghp-f8g9-akhn
17
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.2
aliases CVE-2020-1724, GHSA-8xj2-47xw-q78c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-13dn-ke8h-67ez
1
url VCID-2qmw-afpp-7qa8
vulnerability_id VCID-2qmw-afpp-7qa8
summary 
Improper Authentication
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1718
reference_id
reference_type
scores
0
value 0.00367
scoring_system epss
scoring_elements 0.5897
published_at 2026-06-05T12:55:00Z
1
value 0.00367
scoring_system epss
scoring_elements 0.58922
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1718
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1796756
reference_id 1796756
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1796756
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1718
reference_id CVE-2020-1718
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1718
5
reference_url https://github.com/advisories/GHSA-j229-2h63-rvh9
reference_id GHSA-j229-2h63-rvh9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j229-2h63-rvh9
6
reference_url https://access.redhat.com/errata/RHSA-2020:2106
reference_id RHSA-2020:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2106
7
reference_url https://access.redhat.com/errata/RHSA-2020:2107
reference_id RHSA-2020:2107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2107
8
reference_url https://access.redhat.com/errata/RHSA-2020:2108
reference_id RHSA-2020:2108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2108
9
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
10
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
11
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
12
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
13
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
fixed_packages
0
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-361y-pegm-gqbs
2
vulnerability VCID-38u7-pvx6-ayb4
3
vulnerability VCID-3ajr-7d59-8ycu
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-cwqj-tnbj-3ubh
10
vulnerability VCID-dc8s-fqv5-1uhk
11
vulnerability VCID-e5va-tex4-5yea
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-k6ct-rgvj-t3an
14
vulnerability VCID-wgzd-wv2e-pyhy
15
vulnerability VCID-wt2c-cyu2-kbgm
16
vulnerability VCID-wuh8-4akm-2uae
17
vulnerability VCID-xbkp-kjgd-fqcx
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
aliases CVE-2020-1718, GHSA-j229-2h63-rvh9
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qmw-afpp-7qa8
2
url VCID-361y-pegm-gqbs
vulnerability_id VCID-361y-pegm-gqbs
summary 
Improper authorization in Keycloak
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1466
reference_id
reference_type
scores
0
value 0.00158
scoring_system epss
scoring_elements 0.36403
published_at 2026-06-05T12:55:00Z
1
value 0.00158
scoring_system epss
scoring_elements 0.36309
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1466
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2050228
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2050228
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
5
reference_url https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1466
reference_id CVE-2022-1466
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1466
7
reference_url https://github.com/advisories/GHSA-f32v-vf79-p29q
reference_id GHSA-f32v-vf79-p29q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f32v-vf79-p29q
8
reference_url https://access.redhat.com/errata/RHSA-2022:0449
reference_id RHSA-2022:0449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0449
fixed_packages
0
url pkg:npm/keycloak-connect@17.0.1
purl pkg:npm/keycloak-connect@17.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38u7-pvx6-ayb4
1
vulnerability VCID-3ajr-7d59-8ycu
2
vulnerability VCID-6vdm-7hxn-3kh3
3
vulnerability VCID-azxv-y5rj-vkg9
4
vulnerability VCID-b7wt-ds9h-9bcu
5
vulnerability VCID-crj8-4jaa-yyes
6
vulnerability VCID-e5va-tex4-5yea
7
vulnerability VCID-k6ct-rgvj-t3an
8
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@17.0.1
aliases CVE-2022-1466, GHSA-f32v-vf79-p29q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-361y-pegm-gqbs
3
url VCID-38u7-pvx6-ayb4
vulnerability_id VCID-38u7-pvx6-ayb4
summary 
Improper Validation of Integrity Check Value
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
references
0
reference_url http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48795
reference_id
reference_type
scores
0
value 0.54214
scoring_system epss
scoring_elements 0.98065
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48795
3
reference_url https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
4
reference_url https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
5
reference_url https://bugs.gentoo.org/920280
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://bugs.gentoo.org/920280
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2254210
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2254210
7
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1217950
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://bugzilla.suse.com/show_bug.cgi?id=1217950
8
reference_url https://cert-portal.siemens.com/productcert/html/ssa-082556.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-082556.html
9
reference_url https://cert-portal.siemens.com/productcert/html/ssa-364175.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-364175.html
10
reference_url https://cert-portal.siemens.com/productcert/html/ssa-769027.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-769027.html
11
reference_url https://cert-portal.siemens.com/productcert/html/ssa-794697.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-794697.html
12
reference_url https://cert-portal.siemens.com/productcert/html/ssa-915275.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-915275.html
13
reference_url https://crates.io/crates/thrussh/versions
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://crates.io/crates/thrussh/versions
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918
18
reference_url http://seclists.org/fulldisclosure/2024/Mar/21
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://seclists.org/fulldisclosure/2024/Mar/21
19
reference_url https://filezilla-project.org/versions.php
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://filezilla-project.org/versions.php
20
reference_url https://forum.netgate.com/topic/184941/terrapin-ssh-attack
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://forum.netgate.com/topic/184941/terrapin-ssh-attack
21
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
22
reference_url https://github.com/apache/mina-sshd/issues/445
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/apache/mina-sshd/issues/445
23
reference_url https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
24
reference_url https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
25
reference_url https://github.com/cyd01/KiTTY/issues/520
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/cyd01/KiTTY/issues/520
26
reference_url https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
27
reference_url https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
28
reference_url https://github.com/erlang/otp/releases/tag/OTP-26.2.1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/erlang/otp/releases/tag/OTP-26.2.1
29
reference_url https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
30
reference_url https://github.com/hierynomus/sshj/issues/916
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/hierynomus/sshj/issues/916
31
reference_url https://github.com/janmojzis/tinyssh/issues/81
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/janmojzis/tinyssh/issues/81
32
reference_url https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
33
reference_url https://github.com/libssh2/libssh2/pull/1291
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/libssh2/libssh2/pull/1291
34
reference_url https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
35
reference_url https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
36
reference_url https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
37
reference_url https://github.com/mwiede/jsch/issues/457
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/mwiede/jsch/issues/457
38
reference_url https://github.com/mwiede/jsch/pull/461
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/mwiede/jsch/pull/461
39
reference_url https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
40
reference_url https://github.com/NixOS/nixpkgs/pull/275249
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/NixOS/nixpkgs/pull/275249
41
reference_url https://github.com/openssh/openssh-portable/commits/master
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/openssh/openssh-portable/commits/master
42
reference_url https://github.com/paramiko/paramiko/issues/2337
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/paramiko/paramiko/issues/2337
43
reference_url https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
44
reference_url https://github.com/PowerShell/Win32-OpenSSH/issues/2189
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/PowerShell/Win32-OpenSSH/issues/2189
45
reference_url https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
46
reference_url https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
47
reference_url https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
48
reference_url https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
49
reference_url https://github.com/proftpd/proftpd/issues/456
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/proftpd/proftpd/issues/456
50
reference_url https://github.com/rapier1/hpn-ssh/releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/rapier1/hpn-ssh/releases
51
reference_url https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
52
reference_url https://github.com/ronf/asyncssh/tags
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/ronf/asyncssh/tags
53
reference_url https://github.com/ssh-mitm/ssh-mitm/issues/165
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/ssh-mitm/ssh-mitm/issues/165
54
reference_url https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
55
reference_url https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
56
reference_url https://github.com/warp-tech/russh
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/warp-tech/russh
57
reference_url https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
58
reference_url https://github.com/warp-tech/russh/releases/tag/v0.40.2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/warp-tech/russh/releases/tag/v0.40.2
59
reference_url https://gitlab.com/libssh/libssh-mirror/-/tags
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://gitlab.com/libssh/libssh-mirror/-/tags
60
reference_url https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
61
reference_url https://go.dev/cl/550715
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/550715
62
reference_url https://go.dev/issue/64784
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/64784
63
reference_url https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
64
reference_url https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
65
reference_url https://help.panic.com/releasenotes/transmit5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://help.panic.com/releasenotes/transmit5
66
reference_url https://help.panic.com/releasenotes/transmit5/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://help.panic.com/releasenotes/transmit5/
67
reference_url https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
68
reference_url https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
69
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
70
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
71
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
72
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
73
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html
74
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html
75
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html
76
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
77
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
78
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
79
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
80
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
81
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
82
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
83
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
84
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
85
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
86
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
87
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
88
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
89
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
90
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
91
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
92
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
93
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
94
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
95
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
96
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
97
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
98
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
99
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
100
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
101
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
102
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
103
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
104
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
105
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
106
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
107
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
108
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
109
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
110
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
111
reference_url https://matt.ucc.asn.au/dropbear/CHANGES
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://matt.ucc.asn.au/dropbear/CHANGES
112
reference_url https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
113
reference_url https://news.ycombinator.com/item?id=38684904
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://news.ycombinator.com/item?id=38684904
114
reference_url https://news.ycombinator.com/item?id=38685286
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://news.ycombinator.com/item?id=38685286
115
reference_url https://news.ycombinator.com/item?id=38732005
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://news.ycombinator.com/item?id=38732005
116
reference_url https://nova.app/releases/#v11.8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://nova.app/releases/#v11.8
117
reference_url https://oryx-embedded.com/download/#changelog
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://oryx-embedded.com/download/#changelog
118
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
119
reference_url https://roumenpetrov.info/secsh/#news20231220
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://roumenpetrov.info/secsh/#news20231220
120
reference_url https://security.gentoo.org/glsa/202312-16
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security.gentoo.org/glsa/202312-16
121
reference_url https://security.gentoo.org/glsa/202312-17
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security.gentoo.org/glsa/202312-17
122
reference_url https://security.netapp.com/advisory/ntap-20240105-0004
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240105-0004
123
reference_url https://security-tracker.debian.org/tracker/source-package/libssh2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security-tracker.debian.org/tracker/source-package/libssh2
124
reference_url https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
125
reference_url https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
126
reference_url https://support.apple.com/kb/HT214084
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://support.apple.com/kb/HT214084
127
reference_url https://twitter.com/TrueSkrillor/status/1736774389725565005
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://twitter.com/TrueSkrillor/status/1736774389725565005
128
reference_url https://winscp.net/eng/docs/history#6.2.2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://winscp.net/eng/docs/history#6.2.2
129
reference_url https://www.bitvise.com/ssh-client-version-history#933
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.bitvise.com/ssh-client-version-history#933
130
reference_url https://www.bitvise.com/ssh-server-version-history
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.bitvise.com/ssh-server-version-history
131
reference_url https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
132
reference_url https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
133
reference_url https://www.debian.org/security/2023/dsa-5586
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.debian.org/security/2023/dsa-5586
134
reference_url https://www.debian.org/security/2023/dsa-5588
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.debian.org/security/2023/dsa-5588
135
reference_url https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
136
reference_url https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
137
reference_url https://www.netsarang.com/en/xshell-update-history
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.netsarang.com/en/xshell-update-history
138
reference_url https://www.netsarang.com/en/xshell-update-history/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.netsarang.com/en/xshell-update-history/
139
reference_url https://www.openssh.com/openbsd.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.openssh.com/openbsd.html
140
reference_url https://www.openssh.com/txt/release-9.6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.openssh.com/txt/release-9.6
141
reference_url https://www.openwall.com/lists/oss-security/2023/12/18/2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.openwall.com/lists/oss-security/2023/12/18/2
142
reference_url https://www.openwall.com/lists/oss-security/2023/12/20/3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.openwall.com/lists/oss-security/2023/12/20/3
143
reference_url https://www.paramiko.org/changelog.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.paramiko.org/changelog.html
144
reference_url https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
145
reference_url https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
146
reference_url https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
147
reference_url https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
148
reference_url https://www.terrapin-attack.com
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.terrapin-attack.com
149
reference_url https://www.theregister.com/2023/12/20/terrapin_attack_ssh
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.theregister.com/2023/12/20/terrapin_attack_ssh
150
reference_url https://www.vandyke.com/products/securecrt/history.txt
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.vandyke.com/products/securecrt/history.txt
151
reference_url http://www.openwall.com/lists/oss-security/2023/12/18/3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://www.openwall.com/lists/oss-security/2023/12/18/3
152
reference_url http://www.openwall.com/lists/oss-security/2023/12/19/5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://www.openwall.com/lists/oss-security/2023/12/19/5
153
reference_url http://www.openwall.com/lists/oss-security/2023/12/20/3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://www.openwall.com/lists/oss-security/2023/12/20/3
154
reference_url http://www.openwall.com/lists/oss-security/2024/03/06/3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://www.openwall.com/lists/oss-security/2024/03/06/3
155
reference_url http://www.openwall.com/lists/oss-security/2024/04/17/8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://www.openwall.com/lists/oss-security/2024/04/17/8
156
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001
reference_id 1059001
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001
157
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002
reference_id 1059002
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002
158
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003
reference_id 1059003
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003
159
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004
reference_id 1059004
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004
160
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005
reference_id 1059005
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005
161
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006
reference_id 1059006
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006
162
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007
reference_id 1059007
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007
163
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058
reference_id 1059058
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058
164
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144
reference_id 1059144
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144
165
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290
reference_id 1059290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290
166
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294
reference_id 1059294
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294
167
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
reference_id 33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
168
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
reference_id 3CAYYW35MUTNO65RVAELICTNZZFMT2XS
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
169
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
reference_id 3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
170
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
reference_id 6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
171
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
reference_id BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
172
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
reference_id C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
173
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
reference_id CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
174
reference_url https://access.redhat.com/security/cve/cve-2023-48795
reference_id CVE-2023-48795
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://access.redhat.com/security/cve/cve-2023-48795
175
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48795
reference_id CVE-2023-48795
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48795
176
reference_url https://security-tracker.debian.org/tracker/CVE-2023-48795
reference_id CVE-2023-48795
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security-tracker.debian.org/tracker/CVE-2023-48795
177
reference_url https://ubuntu.com/security/CVE-2023-48795
reference_id CVE-2023-48795
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://ubuntu.com/security/CVE-2023-48795
178
reference_url https://thorntech.com/cve-2023-48795-and-sftp-gateway
reference_id CVE-2023-48795-AND-SFTP-GATEWAY
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://thorntech.com/cve-2023-48795-and-sftp-gateway
179
reference_url https://thorntech.com/cve-2023-48795-and-sftp-gateway/
reference_id CVE-2023-48795-AND-SFTP-GATEWAY
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://thorntech.com/cve-2023-48795-and-sftp-gateway/
180
reference_url https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit
reference_id CVE-2023-48795-DETECT-OPENSSH-VULNERABILIT
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit
181
reference_url https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability
reference_id CVE-2023-48795-MITIGATE-OPENSSH-VULNERABILITY
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability
182
reference_url https://github.com/advisories/GHSA-45x7-px36-x8w8
reference_id GHSA-45x7-px36-x8w8
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/advisories/GHSA-45x7-px36-x8w8
183
reference_url https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
reference_id GHSA-45x7-px36-x8w8
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
184
reference_url https://security.gentoo.org/glsa/202407-11
reference_id GLSA-202407-11
reference_type
scores
url https://security.gentoo.org/glsa/202407-11
185
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
186
reference_url https://security.gentoo.org/glsa/202509-06
reference_id GLSA-202509-06
reference_type
scores
url https://security.gentoo.org/glsa/202509-06
187
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
reference_id HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
188
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
reference_id I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
189
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
reference_id KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
190
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
reference_id L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
191
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
reference_id LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
192
reference_url https://security.netapp.com/advisory/ntap-20240105-0004/
reference_id ntap-20240105-0004
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security.netapp.com/advisory/ntap-20240105-0004/
193
reference_url https://access.redhat.com/errata/RHSA-2023:7197
reference_id RHSA-2023:7197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7197
194
reference_url https://access.redhat.com/errata/RHSA-2023:7198
reference_id RHSA-2023:7198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7198
195
reference_url https://access.redhat.com/errata/RHSA-2023:7201
reference_id RHSA-2023:7201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7201
196
reference_url https://access.redhat.com/errata/RHSA-2024:0040
reference_id RHSA-2024:0040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0040
197
reference_url https://access.redhat.com/errata/RHSA-2024:0429
reference_id RHSA-2024:0429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0429
198
reference_url https://access.redhat.com/errata/RHSA-2024:0455
reference_id RHSA-2024:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0455
199
reference_url https://access.redhat.com/errata/RHSA-2024:0499
reference_id RHSA-2024:0499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0499
200
reference_url https://access.redhat.com/errata/RHSA-2024:0538
reference_id RHSA-2024:0538
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0538
201
reference_url https://access.redhat.com/errata/RHSA-2024:0594
reference_id RHSA-2024:0594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0594
202
reference_url https://access.redhat.com/errata/RHSA-2024:0606
reference_id RHSA-2024:0606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0606
203
reference_url https://access.redhat.com/errata/RHSA-2024:0625
reference_id RHSA-2024:0625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0625
204
reference_url https://access.redhat.com/errata/RHSA-2024:0628
reference_id RHSA-2024:0628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0628
205
reference_url https://access.redhat.com/errata/RHSA-2024:0766
reference_id RHSA-2024:0766
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0766
206
reference_url https://access.redhat.com/errata/RHSA-2024:0789
reference_id RHSA-2024:0789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0789
207
reference_url https://access.redhat.com/errata/RHSA-2024:0843
reference_id RHSA-2024:0843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0843
208
reference_url https://access.redhat.com/errata/RHSA-2024:0880
reference_id RHSA-2024:0880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0880
209
reference_url https://access.redhat.com/errata/RHSA-2024:0954
reference_id RHSA-2024:0954
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0954
210
reference_url https://access.redhat.com/errata/RHSA-2024:1130
reference_id RHSA-2024:1130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1130
211
reference_url https://access.redhat.com/errata/RHSA-2024:1150
reference_id RHSA-2024:1150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1150
212
reference_url https://access.redhat.com/errata/RHSA-2024:1192
reference_id RHSA-2024:1192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1192
213
reference_url https://access.redhat.com/errata/RHSA-2024:1193
reference_id RHSA-2024:1193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1193
214
reference_url https://access.redhat.com/errata/RHSA-2024:1196
reference_id RHSA-2024:1196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1196
215
reference_url https://access.redhat.com/errata/RHSA-2024:1197
reference_id RHSA-2024:1197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1197
216
reference_url https://access.redhat.com/errata/RHSA-2024:1210
reference_id RHSA-2024:1210
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1210
217
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
218
reference_url https://access.redhat.com/errata/RHSA-2024:1557
reference_id RHSA-2024:1557
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1557
219
reference_url https://access.redhat.com/errata/RHSA-2024:1859
reference_id RHSA-2024:1859
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1859
220
reference_url https://access.redhat.com/errata/RHSA-2024:2728
reference_id RHSA-2024:2728
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2728
221
reference_url https://access.redhat.com/errata/RHSA-2024:2735
reference_id RHSA-2024:2735
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2735
222
reference_url https://access.redhat.com/errata/RHSA-2024:2768
reference_id RHSA-2024:2768
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2768
223
reference_url https://access.redhat.com/errata/RHSA-2024:2988
reference_id RHSA-2024:2988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2988
224
reference_url https://access.redhat.com/errata/RHSA-2024:3479
reference_id RHSA-2024:3479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3479
225
reference_url https://access.redhat.com/errata/RHSA-2024:3634
reference_id RHSA-2024:3634
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3634
226
reference_url https://access.redhat.com/errata/RHSA-2024:3635
reference_id RHSA-2024:3635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3635
227
reference_url https://access.redhat.com/errata/RHSA-2024:3636
reference_id RHSA-2024:3636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3636
228
reference_url https://access.redhat.com/errata/RHSA-2024:3918
reference_id RHSA-2024:3918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3918
229
reference_url https://access.redhat.com/errata/RHSA-2024:4010
reference_id RHSA-2024:4010
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4010
230
reference_url https://access.redhat.com/errata/RHSA-2024:4151
reference_id RHSA-2024:4151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4151
231
reference_url https://access.redhat.com/errata/RHSA-2024:4329
reference_id RHSA-2024:4329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4329
232
reference_url https://access.redhat.com/errata/RHSA-2024:4479
reference_id RHSA-2024:4479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4479
233
reference_url https://access.redhat.com/errata/RHSA-2024:4484
reference_id RHSA-2024:4484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4484
234
reference_url https://access.redhat.com/errata/RHSA-2024:4597
reference_id RHSA-2024:4597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4597
235
reference_url https://access.redhat.com/errata/RHSA-2024:4662
reference_id RHSA-2024:4662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4662
236
reference_url https://access.redhat.com/errata/RHSA-2024:4955
reference_id RHSA-2024:4955
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4955
237
reference_url https://access.redhat.com/errata/RHSA-2024:4959
reference_id RHSA-2024:4959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4959
238
reference_url https://access.redhat.com/errata/RHSA-2024:5200
reference_id RHSA-2024:5200
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5200
239
reference_url https://access.redhat.com/errata/RHSA-2024:5432
reference_id RHSA-2024:5432
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5432
240
reference_url https://access.redhat.com/errata/RHSA-2024:5433
reference_id RHSA-2024:5433
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5433
241
reference_url https://access.redhat.com/errata/RHSA-2024:5438
reference_id RHSA-2024:5438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5438
242
reference_url https://access.redhat.com/errata/RHSA-2024:8235
reference_id RHSA-2024:8235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8235
243
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
244
reference_url https://usn.ubuntu.com/6560-1/
reference_id USN-6560-1
reference_type
scores
url https://usn.ubuntu.com/6560-1/
245
reference_url https://usn.ubuntu.com/6560-2/
reference_id USN-6560-2
reference_type
scores
url https://usn.ubuntu.com/6560-2/
246
reference_url https://usn.ubuntu.com/6561-1/
reference_id USN-6561-1
reference_type
scores
url https://usn.ubuntu.com/6561-1/
247
reference_url https://usn.ubuntu.com/6585-1/
reference_id USN-6585-1
reference_type
scores
url https://usn.ubuntu.com/6585-1/
248
reference_url https://usn.ubuntu.com/6589-1/
reference_id USN-6589-1
reference_type
scores
url https://usn.ubuntu.com/6589-1/
249
reference_url https://usn.ubuntu.com/6598-1/
reference_id USN-6598-1
reference_type
scores
url https://usn.ubuntu.com/6598-1/
250
reference_url https://usn.ubuntu.com/6738-1/
reference_id USN-6738-1
reference_type
scores
url https://usn.ubuntu.com/6738-1/
251
reference_url https://usn.ubuntu.com/7051-1/
reference_id USN-7051-1
reference_type
scores
url https://usn.ubuntu.com/7051-1/
252
reference_url https://usn.ubuntu.com/7292-1/
reference_id USN-7292-1
reference_type
scores
url https://usn.ubuntu.com/7292-1/
253
reference_url https://usn.ubuntu.com/7297-1/
reference_id USN-7297-1
reference_type
scores
url https://usn.ubuntu.com/7297-1/
fixed_packages
aliases CVE-2023-48795, GHSA-45x7-px36-x8w8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38u7-pvx6-ayb4
4
url VCID-3ajr-7d59-8ycu
vulnerability_id VCID-3ajr-7d59-8ycu
summary keycloak: impersonation and lockout possible through incorrect handling of email trust
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0105.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0105.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-0105
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-09T13:47:18Z/
url https://access.redhat.com/security/cve/CVE-2023-0105
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0105
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42277
published_at 2026-06-04T12:55:00Z
1
value 0.00203
scoring_system epss
scoring_elements 0.42352
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0105
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/87a50d3ba790b049e436c9925874f9b418af7988
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/87a50d3ba790b049e436c9925874f9b418af7988
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-c7xw-p58w-h6fj
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-c7xw-p58w-h6fj
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2158910
reference_id 2158910
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2158910
7
reference_url https://access.redhat.com/errata/RHSA-2023:7482
reference_id RHSA-2023:7482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7482
8
reference_url https://access.redhat.com/errata/RHSA-2023:7483
reference_id RHSA-2023:7483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7483
9
reference_url https://access.redhat.com/errata/RHSA-2023:7484
reference_id RHSA-2023:7484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7484
10
reference_url https://access.redhat.com/errata/RHSA-2023:7486
reference_id RHSA-2023:7486
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7486
11
reference_url https://access.redhat.com/errata/RHSA-2023:7488
reference_id RHSA-2023:7488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7488
fixed_packages
aliases CVE-2023-0105, GHSA-c7xw-p58w-h6fj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ajr-7d59-8ycu
5
url VCID-5zh6-37gp-pbas
vulnerability_id VCID-5zh6-37gp-pbas
summary 
Improper Authentication
The SAML broker consumer endpoint in Keycloak ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14637
reference_id
reference_type
scores
0
value 0.00301
scoring_system epss
scoring_elements 0.5373
published_at 2026-06-05T12:55:00Z
1
value 0.00301
scoring_system epss
scoring_elements 0.53672
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14637
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637
3
reference_url https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1627851
reference_id 1627851
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1627851
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14637
reference_id CVE-2018-14637
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14637
6
reference_url https://github.com/advisories/GHSA-gf2j-7qwg-4f5x
reference_id GHSA-gf2j-7qwg-4f5x
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gf2j-7qwg-4f5x
fixed_packages
0
url pkg:npm/keycloak-connect@4.6.0
purl pkg:npm/keycloak-connect@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-6vdm-7hxn-3kh3
6
vulnerability VCID-7662-z35s-9qeq
7
vulnerability VCID-9719-srgk-33dh
8
vulnerability VCID-azxv-y5rj-vkg9
9
vulnerability VCID-b7wt-ds9h-9bcu
10
vulnerability VCID-cg94-7n2h-7fac
11
vulnerability VCID-crj8-4jaa-yyes
12
vulnerability VCID-cwqj-tnbj-3ubh
13
vulnerability VCID-dc8s-fqv5-1uhk
14
vulnerability VCID-djda-aqxt-s3e9
15
vulnerability VCID-dx7u-4d6j-cfee
16
vulnerability VCID-e5va-tex4-5yea
17
vulnerability VCID-eucs-thxn-4kfv
18
vulnerability VCID-jm25-gtrc-zuhh
19
vulnerability VCID-k6ct-rgvj-t3an
20
vulnerability VCID-p1cj-f4de-1qc4
21
vulnerability VCID-prsa-264j-mfah
22
vulnerability VCID-wgzd-wv2e-pyhy
23
vulnerability VCID-wt2c-cyu2-kbgm
24
vulnerability VCID-wuh8-4akm-2uae
25
vulnerability VCID-x24y-5nan-efg3
26
vulnerability VCID-xbkp-kjgd-fqcx
27
vulnerability VCID-xghp-f8g9-akhn
28
vulnerability VCID-y9de-4w6u-abfa
29
vulnerability VCID-zfgf-9455-d3fe
30
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.6.0
aliases CVE-2018-14637, GHSA-gf2j-7qwg-4f5x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5zh6-37gp-pbas
6
url VCID-6vdm-7hxn-3kh3
vulnerability_id VCID-6vdm-7hxn-3kh3
summary 
keycloak-connect contains Open redirect vulnerability in the Node.js adapter
There is an Open Redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using `checkSSO` with query param `prompt=none`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2237.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2237.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2237
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.37992
published_at 2026-06-05T12:55:00Z
1
value 0.0017
scoring_system epss
scoring_elements 0.379
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2237
2
reference_url https://github.com/keycloak/keycloak-nodejs-connect
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak-nodejs-connect
3
reference_url https://github.com/keycloak/keycloak-nodejs-connect/commit/190a9470e234bbd9ac5d5de43f5a19aead9a2c21
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak-nodejs-connect/commit/190a9470e234bbd9ac5d5de43f5a19aead9a2c21
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2237
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2237
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2097007
reference_id 2097007
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:14:56Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2097007
6
reference_url https://github.com/advisories/GHSA-59fq-727j-hm3f
reference_id GHSA-59fq-727j-hm3f
reference_type
scores
url https://github.com/advisories/GHSA-59fq-727j-hm3f
7
reference_url https://github.com/keycloak/keycloak-nodejs-connect/security/advisories/GHSA-59fq-727j-hm3f
reference_id GHSA-59fq-727j-hm3f
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak-nodejs-connect/security/advisories/GHSA-59fq-727j-hm3f
fixed_packages
0
url pkg:npm/keycloak-connect@18.0.2
purl pkg:npm/keycloak-connect@18.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38u7-pvx6-ayb4
1
vulnerability VCID-3ajr-7d59-8ycu
2
vulnerability VCID-azxv-y5rj-vkg9
3
vulnerability VCID-b7wt-ds9h-9bcu
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-e5va-tex4-5yea
6
vulnerability VCID-k6ct-rgvj-t3an
7
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@18.0.2
1
url pkg:npm/keycloak-connect@21.0.1
purl pkg:npm/keycloak-connect@21.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38u7-pvx6-ayb4
1
vulnerability VCID-b7wt-ds9h-9bcu
2
vulnerability VCID-e5va-tex4-5yea
3
vulnerability VCID-k6ct-rgvj-t3an
4
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@21.0.1
aliases CVE-2022-2237, GHSA-59fq-727j-hm3f, GMS-2023-578
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6vdm-7hxn-3kh3
7
url VCID-7662-z35s-9qeq
vulnerability_id VCID-7662-z35s-9qeq
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3513
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3513
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42063
published_at 2026-06-04T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42137
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3513
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/pull/7976
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/7976
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3513
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1953439
reference_id 1953439
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1953439
7
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
8
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
9
reference_url https://github.com/advisories/GHSA-xv7h-95r7-595j
reference_id GHSA-xv7h-95r7-595j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv7h-95r7-595j
10
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
11
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
12
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
13
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:npm/keycloak-connect@13.0.0
purl pkg:npm/keycloak-connect@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-38u7-pvx6-ayb4
2
vulnerability VCID-3ajr-7d59-8ycu
3
vulnerability VCID-6vdm-7hxn-3kh3
4
vulnerability VCID-azxv-y5rj-vkg9
5
vulnerability VCID-b7wt-ds9h-9bcu
6
vulnerability VCID-crj8-4jaa-yyes
7
vulnerability VCID-e5va-tex4-5yea
8
vulnerability VCID-k6ct-rgvj-t3an
9
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@13.0.0
aliases CVE-2021-3513, GHSA-xv7h-95r7-595j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7662-z35s-9qeq
8
url VCID-9719-srgk-33dh
vulnerability_id VCID-9719-srgk-33dh
summary 
Improper Certificate Validation
The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols (`http` or `ldap`) and hence the caller should verify the signature and possibly the certification path. Keycloak currently does not validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3875
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.15163
published_at 2026-06-05T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.15078
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3875
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875
3
reference_url http://www.securityfocus.com/bid/108748
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108748
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1690628
reference_id 1690628
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1690628
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3875
reference_id CVE-2019-3875
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3875
6
reference_url https://github.com/advisories/GHSA-38cg-gg9j-q9j9
reference_id GHSA-38cg-gg9j-q9j9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-38cg-gg9j-q9j9
7
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
8
reference_url https://access.redhat.com/errata/RHSA-2020:2366
reference_id RHSA-2020:2366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2366
fixed_packages
0
url pkg:npm/keycloak-connect@7.0.0
purl pkg:npm/keycloak-connect@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-6vdm-7hxn-3kh3
6
vulnerability VCID-7662-z35s-9qeq
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-b7wt-ds9h-9bcu
9
vulnerability VCID-crj8-4jaa-yyes
10
vulnerability VCID-cwqj-tnbj-3ubh
11
vulnerability VCID-dc8s-fqv5-1uhk
12
vulnerability VCID-dx7u-4d6j-cfee
13
vulnerability VCID-e5va-tex4-5yea
14
vulnerability VCID-jm25-gtrc-zuhh
15
vulnerability VCID-k6ct-rgvj-t3an
16
vulnerability VCID-kj7x-2shm-fqh1
17
vulnerability VCID-p1cj-f4de-1qc4
18
vulnerability VCID-rt61-271c-nkgk
19
vulnerability VCID-wgzd-wv2e-pyhy
20
vulnerability VCID-wt2c-cyu2-kbgm
21
vulnerability VCID-wuh8-4akm-2uae
22
vulnerability VCID-x24y-5nan-efg3
23
vulnerability VCID-xbkp-kjgd-fqcx
24
vulnerability VCID-xghp-f8g9-akhn
25
vulnerability VCID-y9de-4w6u-abfa
26
vulnerability VCID-zfgf-9455-d3fe
27
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0
aliases CVE-2019-3875, GHSA-38cg-gg9j-q9j9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9719-srgk-33dh
9
url VCID-azxv-y5rj-vkg9
vulnerability_id VCID-azxv-y5rj-vkg9
summary 
Insufficient Session Expiration
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
references
0
reference_url https://access.redhat.com/errata/RHSA-2022:8961
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8961
1
reference_url https://access.redhat.com/errata/RHSA-2022:8962
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8962
2
reference_url https://access.redhat.com/errata/RHSA-2022:8963
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8963
3
reference_url https://access.redhat.com/errata/RHSA-2022:8964
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8964
4
reference_url https://access.redhat.com/errata/RHSA-2022:8965
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8965
5
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1043
6
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1044
7
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1045
8
reference_url https://access.redhat.com/errata/RHSA-2023:1047
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1047
9
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1049
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45539
published_at 2026-06-05T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.4547
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
13
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
20
reference_url https://access.redhat.com/security/cve/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/security/cve/CVE-2022-3916
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
22
reference_url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
23
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
fixed_packages
0
url pkg:npm/keycloak-connect@20.0.2
purl pkg:npm/keycloak-connect@20.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38u7-pvx6-ayb4
1
vulnerability VCID-3ajr-7d59-8ycu
2
vulnerability VCID-b7wt-ds9h-9bcu
3
vulnerability VCID-crj8-4jaa-yyes
4
vulnerability VCID-e5va-tex4-5yea
5
vulnerability VCID-k6ct-rgvj-t3an
6
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@20.0.2
aliases CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azxv-y5rj-vkg9
10
url VCID-b7wt-ds9h-9bcu
vulnerability_id VCID-b7wt-ds9h-9bcu
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:1043
1
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:1044
2
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:1045
3
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:1049
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4137.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4137.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4137
reference_id
reference_type
scores
0
value 0.00529
scoring_system epss
scoring_elements 0.67575
published_at 2026-06-05T12:55:00Z
1
value 0.00529
scoring_system epss
scoring_elements 0.67533
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4137
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2148496
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2148496
7
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
8
reference_url https://github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a
9
reference_url https://github.com/keycloak/keycloak/pull/16774
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/16774
10
reference_url https://access.redhat.com/security/cve/CVE-2022-4137
reference_id CVE-2022-4137
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2022-4137
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4137
reference_id CVE-2022-4137
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4137
12
reference_url https://github.com/advisories/GHSA-9hhc-pj4w-w5rv
reference_id GHSA-9hhc-pj4w-w5rv
reference_type
scores
url https://github.com/advisories/GHSA-9hhc-pj4w-w5rv
13
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-9hhc-pj4w-w5rv
reference_id GHSA-9hhc-pj4w-w5rv
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-9hhc-pj4w-w5rv
fixed_packages
aliases CVE-2022-4137, GHSA-9hhc-pj4w-w5rv, GMS-2023-616
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7wt-ds9h-9bcu
11
url VCID-cg94-7n2h-7fac
vulnerability_id VCID-cg94-7n2h-7fac
summary 
Improper Input Validation
It was found that Keycloak's account console did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10199
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.2643
published_at 2026-06-05T12:55:00Z
1
value 0.00095
scoring_system epss
scoring_elements 0.26326
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10199
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1729261
reference_id 1729261
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1729261
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10199
reference_id CVE-2019-10199
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10199
6
reference_url https://github.com/advisories/GHSA-p5xp-6vpf-jwvh
reference_id GHSA-p5xp-6vpf-jwvh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p5xp-6vpf-jwvh
7
reference_url https://access.redhat.com/errata/RHSA-2019:2483
reference_id RHSA-2019:2483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2483
8
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
9
reference_url https://access.redhat.com/errata/RHSA-2020:2366
reference_id RHSA-2020:2366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2366
fixed_packages
0
url pkg:npm/keycloak-connect@7.0.0
purl pkg:npm/keycloak-connect@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-6vdm-7hxn-3kh3
6
vulnerability VCID-7662-z35s-9qeq
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-b7wt-ds9h-9bcu
9
vulnerability VCID-crj8-4jaa-yyes
10
vulnerability VCID-cwqj-tnbj-3ubh
11
vulnerability VCID-dc8s-fqv5-1uhk
12
vulnerability VCID-dx7u-4d6j-cfee
13
vulnerability VCID-e5va-tex4-5yea
14
vulnerability VCID-jm25-gtrc-zuhh
15
vulnerability VCID-k6ct-rgvj-t3an
16
vulnerability VCID-kj7x-2shm-fqh1
17
vulnerability VCID-p1cj-f4de-1qc4
18
vulnerability VCID-rt61-271c-nkgk
19
vulnerability VCID-wgzd-wv2e-pyhy
20
vulnerability VCID-wt2c-cyu2-kbgm
21
vulnerability VCID-wuh8-4akm-2uae
22
vulnerability VCID-x24y-5nan-efg3
23
vulnerability VCID-xbkp-kjgd-fqcx
24
vulnerability VCID-xghp-f8g9-akhn
25
vulnerability VCID-y9de-4w6u-abfa
26
vulnerability VCID-zfgf-9455-d3fe
27
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0
aliases CVE-2019-10199, GHSA-p5xp-6vpf-jwvh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg94-7n2h-7fac
12
url VCID-crj8-4jaa-yyes
vulnerability_id VCID-crj8-4jaa-yyes
summary keycloak: Client Registration endpoint does not check token revocation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-0091
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:08:50Z/
url https://access.redhat.com/security/cve/CVE-2023-0091
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0091
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.52817
published_at 2026-06-05T12:55:00Z
1
value 0.00291
scoring_system epss
scoring_elements 0.52758
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0091
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0091
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0091
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2158585
reference_id 2158585
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2158585
7
reference_url https://github.com/advisories/GHSA-v436-q368-hvgg
reference_id GHSA-v436-q368-hvgg
reference_type
scores
url https://github.com/advisories/GHSA-v436-q368-hvgg
fixed_packages
aliases CVE-2023-0091, GHSA-v436-q368-hvgg, GMS-2023-37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crj8-4jaa-yyes
13
url VCID-cwqj-tnbj-3ubh
vulnerability_id VCID-cwqj-tnbj-3ubh
summary 
Information Exposure
A logged exception in the `HttpMethod` class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1698
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16187
published_at 2026-06-05T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.16104
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1698
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698
3
reference_url https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836
4
reference_url https://github.com/keycloak/keycloak/pull/6751
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/6751
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1790292
reference_id 1790292
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1790292
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1698
reference_id CVE-2020-1698
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1698
7
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
8
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
9
reference_url https://access.redhat.com/errata/RHSA-2020:5625
reference_id RHSA-2020:5625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5625
fixed_packages
0
url pkg:npm/keycloak-connect@9.0.0
purl pkg:npm/keycloak-connect@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-361y-pegm-gqbs
2
vulnerability VCID-38u7-pvx6-ayb4
3
vulnerability VCID-3ajr-7d59-8ycu
4
vulnerability VCID-6gee-p7fr-1yhy
5
vulnerability VCID-6vdm-7hxn-3kh3
6
vulnerability VCID-7662-z35s-9qeq
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-b7wt-ds9h-9bcu
9
vulnerability VCID-crj8-4jaa-yyes
10
vulnerability VCID-dc8s-fqv5-1uhk
11
vulnerability VCID-e5va-tex4-5yea
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-k6ct-rgvj-t3an
14
vulnerability VCID-psus-g9c1-vufx
15
vulnerability VCID-wgzd-wv2e-pyhy
16
vulnerability VCID-wt2c-cyu2-kbgm
17
vulnerability VCID-xbkp-kjgd-fqcx
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.0
aliases CVE-2020-1698, GHSA-qgmm-f2qw-r95f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwqj-tnbj-3ubh
14
url VCID-dc8s-fqv5-1uhk
vulnerability_id VCID-dc8s-fqv5-1uhk
summary 
Improper Privilege Management
It was found that Keycloak would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14389
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.3499
published_at 2026-06-04T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35086
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14389
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1875843
reference_id 1875843
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1875843
3
reference_url https://access.redhat.com/security/cve/cve-2020-14389
reference_id CVE-2020-14389
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2020-14389
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14389
reference_id CVE-2020-14389
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14389
5
reference_url https://access.redhat.com/errata/RHSA-2020:4929
reference_id RHSA-2020:4929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4929
6
reference_url https://access.redhat.com/errata/RHSA-2020:4930
reference_id RHSA-2020:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4930
7
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
8
reference_url https://access.redhat.com/errata/RHSA-2020:4932
reference_id RHSA-2020:4932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4932
fixed_packages
0
url pkg:npm/keycloak-connect@12.0.0
purl pkg:npm/keycloak-connect@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-38u7-pvx6-ayb4
2
vulnerability VCID-3ajr-7d59-8ycu
3
vulnerability VCID-6gee-p7fr-1yhy
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-e5va-tex4-5yea
10
vulnerability VCID-jm25-gtrc-zuhh
11
vulnerability VCID-k6ct-rgvj-t3an
12
vulnerability VCID-pu4g-rbu2-nbdb
13
vulnerability VCID-wt2c-cyu2-kbgm
14
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@12.0.0
aliases CVE-2020-14389, GHSA-c9x9-xv66-xp3v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc8s-fqv5-1uhk
15
url VCID-djda-aqxt-s3e9
vulnerability_id VCID-djda-aqxt-s3e9
summary 
Information Exposure
Keycloak allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user's browser session.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:1140
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1140
1
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3868
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.51187
published_at 2026-06-05T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.51125
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3868
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868
5
reference_url http://www.securityfocus.com/bid/108061
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108061
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1679144
reference_id 1679144
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1679144
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3868
reference_id CVE-2019-3868
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3868
8
reference_url https://github.com/advisories/GHSA-gc52-xj6p-9pxp
reference_id GHSA-gc52-xj6p-9pxp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gc52-xj6p-9pxp
9
reference_url https://access.redhat.com/errata/RHSA-2019:0856
reference_id RHSA-2019:0856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0856
10
reference_url https://access.redhat.com/errata/RHSA-2019:0857
reference_id RHSA-2019:0857
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0857
11
reference_url https://access.redhat.com/errata/RHSA-2019:0868
reference_id RHSA-2019:0868
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0868
12
reference_url https://access.redhat.com/errata/RHSA-2020:2366
reference_id RHSA-2020:2366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2366
fixed_packages
0
url pkg:npm/keycloak-connect@6.0.1
purl pkg:npm/keycloak-connect@6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-6vdm-7hxn-3kh3
6
vulnerability VCID-7662-z35s-9qeq
7
vulnerability VCID-9719-srgk-33dh
8
vulnerability VCID-azxv-y5rj-vkg9
9
vulnerability VCID-b7wt-ds9h-9bcu
10
vulnerability VCID-cg94-7n2h-7fac
11
vulnerability VCID-crj8-4jaa-yyes
12
vulnerability VCID-cwqj-tnbj-3ubh
13
vulnerability VCID-dc8s-fqv5-1uhk
14
vulnerability VCID-dx7u-4d6j-cfee
15
vulnerability VCID-e5va-tex4-5yea
16
vulnerability VCID-jm25-gtrc-zuhh
17
vulnerability VCID-k6ct-rgvj-t3an
18
vulnerability VCID-p1cj-f4de-1qc4
19
vulnerability VCID-prsa-264j-mfah
20
vulnerability VCID-wgzd-wv2e-pyhy
21
vulnerability VCID-wt2c-cyu2-kbgm
22
vulnerability VCID-wuh8-4akm-2uae
23
vulnerability VCID-x24y-5nan-efg3
24
vulnerability VCID-xbkp-kjgd-fqcx
25
vulnerability VCID-xghp-f8g9-akhn
26
vulnerability VCID-y9de-4w6u-abfa
27
vulnerability VCID-zfgf-9455-d3fe
28
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@6.0.1
aliases CVE-2019-3868, GHSA-gc52-xj6p-9pxp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djda-aqxt-s3e9
16
url VCID-dx7u-4d6j-cfee
vulnerability_id VCID-dx7u-4d6j-cfee
summary 
Incorrect Authorization
A flaw was found in the Keycloak REST API, where it would permit user access from a realm the user, was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14832.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14832.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14832
reference_id
reference_type
scores
0
value 0.00383
scoring_system epss
scoring_elements 0.59982
published_at 2026-06-05T12:55:00Z
1
value 0.00383
scoring_system epss
scoring_elements 0.59936
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14832
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14832
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14832
3
reference_url https://github.com/keycloak/keycloak/commit/0b73685ccf3181115ae3936a578708630215ac23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/0b73685ccf3181115ae3936a578708630215ac23
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1749487
reference_id 1749487
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1749487
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14832
reference_id CVE-2019-14832
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14832
6
reference_url https://github.com/advisories/GHSA-8prc-58j4-m55q
reference_id GHSA-8prc-58j4-m55q
reference_type
scores
url https://github.com/advisories/GHSA-8prc-58j4-m55q
7
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
8
reference_url https://access.redhat.com/errata/RHSA-2020:2366
reference_id RHSA-2020:2366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2366
fixed_packages
0
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-361y-pegm-gqbs
2
vulnerability VCID-38u7-pvx6-ayb4
3
vulnerability VCID-3ajr-7d59-8ycu
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-cwqj-tnbj-3ubh
10
vulnerability VCID-dc8s-fqv5-1uhk
11
vulnerability VCID-e5va-tex4-5yea
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-k6ct-rgvj-t3an
14
vulnerability VCID-wgzd-wv2e-pyhy
15
vulnerability VCID-wt2c-cyu2-kbgm
16
vulnerability VCID-wuh8-4akm-2uae
17
vulnerability VCID-xbkp-kjgd-fqcx
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
aliases CVE-2019-14832, GHSA-8prc-58j4-m55q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx7u-4d6j-cfee
17
url VCID-e5va-tex4-5yea
vulnerability_id VCID-e5va-tex4-5yea
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/errata/RHSA-2023:1043
1
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/errata/RHSA-2023:1044
2
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/errata/RHSA-2023:1045
3
reference_url https://access.redhat.com/errata/RHSA-2023:1047
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/errata/RHSA-2023:1047
4
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/errata/RHSA-2023:1049
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1438.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1438.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1438
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37517
published_at 2026-06-05T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.37424
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1438
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2031904
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2031904
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
15
reference_url https://access.redhat.com/security/cve/cve-2022-1438
reference_id CVE-2022-1438
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2022-1438
16
reference_url https://access.redhat.com/security/cve/CVE-2022-1438
reference_id CVE-2022-1438
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/security/cve/CVE-2022-1438
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1438
reference_id CVE-2022-1438
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1438
18
reference_url https://github.com/advisories/GHSA-w354-2f3c-qvg9
reference_id GHSA-w354-2f3c-qvg9
reference_type
scores
url https://github.com/advisories/GHSA-w354-2f3c-qvg9
19
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9
reference_id GHSA-w354-2f3c-qvg9
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9
fixed_packages
aliases CVE-2022-1438, GHSA-w354-2f3c-qvg9, GMS-2023-529
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5va-tex4-5yea
18
url VCID-eucs-thxn-4kfv
vulnerability_id VCID-eucs-thxn-4kfv
summary 
Improper Authentication
It was found that Keycloak's Node.js adapter did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10157.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10157.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10157
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05406
published_at 2026-06-05T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05385
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10157
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157
3
reference_url https://github.com/keycloak/keycloak-nodejs-connect/commit/55e54b55d05ba636bc125a8f3d39f0052d13f8f6
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak-nodejs-connect/commit/55e54b55d05ba636bc125a8f3d39f0052d13f8f6
4
reference_url https://snyk.io/vuln/SNYK-JS-KEYCLOAKNODEJSCONNECT-449920
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-KEYCLOAKNODEJSCONNECT-449920
5
reference_url https://www.npmjs.com/advisories/978
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/978
6
reference_url http://www.securityfocus.com/bid/108734
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108734
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1702953
reference_id 1702953
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1702953
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10157
reference_id CVE-2019-10157
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10157
9
reference_url https://github.com/advisories/GHSA-68hw-vfh7-xvg8
reference_id GHSA-68hw-vfh7-xvg8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68hw-vfh7-xvg8
fixed_packages
0
url pkg:npm/keycloak-connect@4.8.3
purl pkg:npm/keycloak-connect@4.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-6vdm-7hxn-3kh3
6
vulnerability VCID-7662-z35s-9qeq
7
vulnerability VCID-9719-srgk-33dh
8
vulnerability VCID-azxv-y5rj-vkg9
9
vulnerability VCID-b7wt-ds9h-9bcu
10
vulnerability VCID-cg94-7n2h-7fac
11
vulnerability VCID-crj8-4jaa-yyes
12
vulnerability VCID-cwqj-tnbj-3ubh
13
vulnerability VCID-dc8s-fqv5-1uhk
14
vulnerability VCID-djda-aqxt-s3e9
15
vulnerability VCID-dx7u-4d6j-cfee
16
vulnerability VCID-e5va-tex4-5yea
17
vulnerability VCID-jm25-gtrc-zuhh
18
vulnerability VCID-k6ct-rgvj-t3an
19
vulnerability VCID-p1cj-f4de-1qc4
20
vulnerability VCID-prsa-264j-mfah
21
vulnerability VCID-wgzd-wv2e-pyhy
22
vulnerability VCID-wt2c-cyu2-kbgm
23
vulnerability VCID-wuh8-4akm-2uae
24
vulnerability VCID-x24y-5nan-efg3
25
vulnerability VCID-xbkp-kjgd-fqcx
26
vulnerability VCID-xghp-f8g9-akhn
27
vulnerability VCID-y9de-4w6u-abfa
28
vulnerability VCID-zfgf-9455-d3fe
29
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.8.3
aliases CVE-2019-10157, GHSA-68hw-vfh7-xvg8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eucs-thxn-4kfv
19
url VCID-jm25-gtrc-zuhh
vulnerability_id VCID-jm25-gtrc-zuhh
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20202
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14449
published_at 2026-06-04T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14519
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20202
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1922128
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1922128
3
reference_url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j
4
reference_url https://issues.redhat.com/browse/KEYCLOAK-17000
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-17000
5
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
6
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20202
reference_id CVE-2021-20202
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20202
8
reference_url https://github.com/advisories/GHSA-6xp6-fmc8-pmmr
reference_id GHSA-6xp6-fmc8-pmmr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xp6-fmc8-pmmr
fixed_packages
0
url pkg:npm/keycloak-connect@13.0.0
purl pkg:npm/keycloak-connect@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-38u7-pvx6-ayb4
2
vulnerability VCID-3ajr-7d59-8ycu
3
vulnerability VCID-6vdm-7hxn-3kh3
4
vulnerability VCID-azxv-y5rj-vkg9
5
vulnerability VCID-b7wt-ds9h-9bcu
6
vulnerability VCID-crj8-4jaa-yyes
7
vulnerability VCID-e5va-tex4-5yea
8
vulnerability VCID-k6ct-rgvj-t3an
9
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@13.0.0
aliases CVE-2021-20202, GHSA-6xp6-fmc8-pmmr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm25-gtrc-zuhh
20
url VCID-k6ct-rgvj-t3an
vulnerability_id VCID-k6ct-rgvj-t3an
summary 
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7854
1
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7855
2
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7856
3
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7857
4
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7858
5
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7860
6
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7861
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6134
reference_id
reference_type
scores
0
value 0.02468
scoring_system epss
scoring_elements 0.85563
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6134
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2249673
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2249673
10
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
11
reference_url https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20
12
reference_url https://access.redhat.com/security/cve/CVE-2023-6134
reference_id CVE-2023-6134
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-6134
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6134
reference_id CVE-2023-6134
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6134
14
reference_url https://github.com/advisories/GHSA-cvg2-7c3j-g36j
reference_id GHSA-cvg2-7c3j-g36j
reference_type
scores
url https://github.com/advisories/GHSA-cvg2-7c3j-g36j
15
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j
reference_id GHSA-cvg2-7c3j-g36j
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j
fixed_packages
0
url pkg:npm/keycloak-connect@23.0.0
purl pkg:npm/keycloak-connect@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38u7-pvx6-ayb4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@23.0.0
aliases CVE-2023-6134, GHSA-cvg2-7c3j-g36j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ct-rgvj-t3an
21
url VCID-p1cj-f4de-1qc4
vulnerability_id VCID-p1cj-f4de-1qc4
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10170
reference_id
reference_type
scores
0
value 0.00742
scoring_system epss
scoring_elements 0.73381
published_at 2026-06-05T12:55:00Z
1
value 0.00742
scoring_system epss
scoring_elements 0.73345
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10170
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1721295
reference_id 1721295
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1721295
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10170
reference_id CVE-2019-10170
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10170
6
reference_url https://github.com/advisories/GHSA-7m27-3587-83xf
reference_id GHSA-7m27-3587-83xf
reference_type
scores
url https://github.com/advisories/GHSA-7m27-3587-83xf
fixed_packages
0
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-361y-pegm-gqbs
2
vulnerability VCID-38u7-pvx6-ayb4
3
vulnerability VCID-3ajr-7d59-8ycu
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-cwqj-tnbj-3ubh
10
vulnerability VCID-dc8s-fqv5-1uhk
11
vulnerability VCID-e5va-tex4-5yea
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-k6ct-rgvj-t3an
14
vulnerability VCID-wgzd-wv2e-pyhy
15
vulnerability VCID-wt2c-cyu2-kbgm
16
vulnerability VCID-wuh8-4akm-2uae
17
vulnerability VCID-xbkp-kjgd-fqcx
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
aliases CVE-2019-10170, GHSA-7m27-3587-83xf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1cj-f4de-1qc4
22
url VCID-prsa-264j-mfah
vulnerability_id VCID-prsa-264j-mfah
summary 
Improper Authentication
It was found that Keycloak's SAML broker did not verify missing message signatures. If an attacker modifies the SAML Response and removes the `<Signature>` sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10201
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33258
published_at 2026-06-05T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.33155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10201
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728609
reference_id 1728609
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728609
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10201
reference_id CVE-2019-10201
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10201
5
reference_url https://github.com/advisories/GHSA-4fgq-gq9g-3rw7
reference_id GHSA-4fgq-gq9g-3rw7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fgq-gq9g-3rw7
6
reference_url https://access.redhat.com/errata/RHSA-2019:2483
reference_id RHSA-2019:2483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2483
7
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
8
reference_url https://access.redhat.com/errata/RHSA-2020:2366
reference_id RHSA-2020:2366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2366
fixed_packages
0
url pkg:npm/keycloak-connect@7.0.0
purl pkg:npm/keycloak-connect@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-6vdm-7hxn-3kh3
6
vulnerability VCID-7662-z35s-9qeq
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-b7wt-ds9h-9bcu
9
vulnerability VCID-crj8-4jaa-yyes
10
vulnerability VCID-cwqj-tnbj-3ubh
11
vulnerability VCID-dc8s-fqv5-1uhk
12
vulnerability VCID-dx7u-4d6j-cfee
13
vulnerability VCID-e5va-tex4-5yea
14
vulnerability VCID-jm25-gtrc-zuhh
15
vulnerability VCID-k6ct-rgvj-t3an
16
vulnerability VCID-kj7x-2shm-fqh1
17
vulnerability VCID-p1cj-f4de-1qc4
18
vulnerability VCID-rt61-271c-nkgk
19
vulnerability VCID-wgzd-wv2e-pyhy
20
vulnerability VCID-wt2c-cyu2-kbgm
21
vulnerability VCID-wuh8-4akm-2uae
22
vulnerability VCID-x24y-5nan-efg3
23
vulnerability VCID-xbkp-kjgd-fqcx
24
vulnerability VCID-xghp-f8g9-akhn
25
vulnerability VCID-y9de-4w6u-abfa
26
vulnerability VCID-zfgf-9455-d3fe
27
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0
aliases CVE-2019-10201, GHSA-4fgq-gq9g-3rw7
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prsa-264j-mfah
23
url VCID-wgzd-wv2e-pyhy
vulnerability_id VCID-wgzd-wv2e-pyhy
summary 
Improper Restriction of Rendered UI Layers or Frames
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1728
reference_id
reference_type
scores
0
value 0.00134
scoring_system epss
scoring_elements 0.3248
published_at 2026-06-04T12:55:00Z
1
value 0.00134
scoring_system epss
scoring_elements 0.32552
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1728
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728
3
reference_url https://issues.redhat.com/browse/KEYCLOAK-12264
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-12264
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1800585
reference_id 1800585
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1800585
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1728
reference_id CVE-2020-1728
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1728
6
reference_url https://github.com/advisories/GHSA-3gg7-9q2x-79fc
reference_id GHSA-3gg7-9q2x-79fc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3gg7-9q2x-79fc
7
reference_url https://access.redhat.com/errata/RHSA-2020:3495
reference_id RHSA-2020:3495
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3495
8
reference_url https://access.redhat.com/errata/RHSA-2020:3496
reference_id RHSA-2020:3496
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3496
9
reference_url https://access.redhat.com/errata/RHSA-2020:3497
reference_id RHSA-2020:3497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3497
10
reference_url https://access.redhat.com/errata/RHSA-2020:3501
reference_id RHSA-2020:3501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3501
11
reference_url https://access.redhat.com/errata/RHSA-2020:3539
reference_id RHSA-2020:3539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3539
12
reference_url https://access.redhat.com/errata/RHSA-2020:4213
reference_id RHSA-2020:4213
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4213
13
reference_url https://access.redhat.com/errata/RHSA-2020:4252
reference_id RHSA-2020:4252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4252
fixed_packages
0
url pkg:npm/keycloak-connect@10.0.0
purl pkg:npm/keycloak-connect@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-38u7-pvx6-ayb4
2
vulnerability VCID-3ajr-7d59-8ycu
3
vulnerability VCID-6gee-p7fr-1yhy
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-dc8s-fqv5-1uhk
10
vulnerability VCID-e5va-tex4-5yea
11
vulnerability VCID-jm25-gtrc-zuhh
12
vulnerability VCID-k6ct-rgvj-t3an
13
vulnerability VCID-wt2c-cyu2-kbgm
14
vulnerability VCID-xbkp-kjgd-fqcx
15
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@10.0.0
aliases CVE-2020-1728, GHSA-3gg7-9q2x-79fc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgzd-wv2e-pyhy
24
url VCID-wt2c-cyu2-kbgm
vulnerability_id VCID-wt2c-cyu2-kbgm
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27838
reference_id
reference_type
scores
0
value 0.85144
scoring_system epss
scoring_elements 0.99373
published_at 2026-06-05T12:55:00Z
1
value 0.85144
scoring_system epss
scoring_elements 0.99371
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27838
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1906797
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1906797
3
reference_url https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c
4
reference_url https://github.com/keycloak/keycloak/pull/7790
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/7790
5
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
6
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27838
reference_id CVE-2020-27838
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27838
8
reference_url https://github.com/advisories/GHSA-pcv5-m2wh-66j3
reference_id GHSA-pcv5-m2wh-66j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pcv5-m2wh-66j3
fixed_packages
aliases CVE-2020-27838, GHSA-pcv5-m2wh-66j3
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wt2c-cyu2-kbgm
25
url VCID-wuh8-4akm-2uae
vulnerability_id VCID-wuh8-4akm-2uae
summary 
Cross-site Scripting
In Keycloak, links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1697
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.5198
published_at 2026-06-05T12:55:00Z
1
value 0.00283
scoring_system epss
scoring_elements 0.5192
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1697
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1791538
reference_id 1791538
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1791538
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1697
reference_id CVE-2020-1697
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1697
5
reference_url https://github.com/advisories/GHSA-8vf3-4w62-m3pq
reference_id GHSA-8vf3-4w62-m3pq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vf3-4w62-m3pq
6
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
7
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
fixed_packages
0
url pkg:npm/keycloak-connect@9.0.0
purl pkg:npm/keycloak-connect@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-361y-pegm-gqbs
2
vulnerability VCID-38u7-pvx6-ayb4
3
vulnerability VCID-3ajr-7d59-8ycu
4
vulnerability VCID-6gee-p7fr-1yhy
5
vulnerability VCID-6vdm-7hxn-3kh3
6
vulnerability VCID-7662-z35s-9qeq
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-b7wt-ds9h-9bcu
9
vulnerability VCID-crj8-4jaa-yyes
10
vulnerability VCID-dc8s-fqv5-1uhk
11
vulnerability VCID-e5va-tex4-5yea
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-k6ct-rgvj-t3an
14
vulnerability VCID-psus-g9c1-vufx
15
vulnerability VCID-wgzd-wv2e-pyhy
16
vulnerability VCID-wt2c-cyu2-kbgm
17
vulnerability VCID-xbkp-kjgd-fqcx
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.0
aliases CVE-2020-1697, GHSA-8vf3-4w62-m3pq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wuh8-4akm-2uae
26
url VCID-x24y-5nan-efg3
vulnerability_id VCID-x24y-5nan-efg3
summary 
Improper Privilege Management
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10169.json
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10169.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10169
reference_id
reference_type
scores
0
value 0.00608
scoring_system epss
scoring_elements 0.70127
published_at 2026-06-05T12:55:00Z
1
value 0.00608
scoring_system epss
scoring_elements 0.70086
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10169
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10169
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10169
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-568797
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-568797
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1721302
reference_id 1721302
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1721302
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10169
reference_id CVE-2019-10169
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10169
7
reference_url https://github.com/advisories/GHSA-9c24-43p5-fv82
reference_id GHSA-9c24-43p5-fv82
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c24-43p5-fv82
fixed_packages
0
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-361y-pegm-gqbs
2
vulnerability VCID-38u7-pvx6-ayb4
3
vulnerability VCID-3ajr-7d59-8ycu
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-cwqj-tnbj-3ubh
10
vulnerability VCID-dc8s-fqv5-1uhk
11
vulnerability VCID-e5va-tex4-5yea
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-k6ct-rgvj-t3an
14
vulnerability VCID-wgzd-wv2e-pyhy
15
vulnerability VCID-wt2c-cyu2-kbgm
16
vulnerability VCID-wuh8-4akm-2uae
17
vulnerability VCID-xbkp-kjgd-fqcx
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
aliases CVE-2019-10169, GHSA-9c24-43p5-fv82
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x24y-5nan-efg3
27
url VCID-xbkp-kjgd-fqcx
vulnerability_id VCID-xbkp-kjgd-fqcx
summary 
URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7854
1
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7855
2
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7856
3
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7857
4
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7858
5
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7860
6
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7861
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39491
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
10
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
11
reference_url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id cpe:/a:redhat:build_keycloak:22
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id cpe:/a:redhat:serverless:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
29
reference_url https://access.redhat.com/security/cve/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/security/cve/CVE-2023-6291
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
31
reference_url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
32
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
fixed_packages
0
url pkg:npm/keycloak-connect@23.0.0
purl pkg:npm/keycloak-connect@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-38u7-pvx6-ayb4
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@23.0.0
aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkp-kjgd-fqcx
28
url VCID-xghp-f8g9-akhn
vulnerability_id VCID-xghp-f8g9-akhn
summary 
Incorrect Permission Assignment for Critical Resource
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1694
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.51241
published_at 2026-06-05T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.51179
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1694
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1790759
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1790759
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1694
reference_id CVE-2020-1694
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1694
4
reference_url https://github.com/advisories/GHSA-72j4-94rx-cr6w
reference_id GHSA-72j4-94rx-cr6w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72j4-94rx-cr6w
5
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
fixed_packages
0
url pkg:npm/keycloak-connect@10.0.0
purl pkg:npm/keycloak-connect@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-38u7-pvx6-ayb4
2
vulnerability VCID-3ajr-7d59-8ycu
3
vulnerability VCID-6gee-p7fr-1yhy
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-dc8s-fqv5-1uhk
10
vulnerability VCID-e5va-tex4-5yea
11
vulnerability VCID-jm25-gtrc-zuhh
12
vulnerability VCID-k6ct-rgvj-t3an
13
vulnerability VCID-wt2c-cyu2-kbgm
14
vulnerability VCID-xbkp-kjgd-fqcx
15
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@10.0.0
aliases CVE-2020-1694, GHSA-72j4-94rx-cr6w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xghp-f8g9-akhn
29
url VCID-y9de-4w6u-abfa
vulnerability_id VCID-y9de-4w6u-abfa
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50801
published_at 2026-06-05T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50741
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
3
reference_url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
reference_id CVE-2020-10776
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
5
reference_url https://github.com/advisories/GHSA-484q-784p-8m5h
reference_id GHSA-484q-784p-8m5h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-484q-784p-8m5h
6
reference_url https://access.redhat.com/errata/RHSA-2020:4929
reference_id RHSA-2020:4929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4929
7
reference_url https://access.redhat.com/errata/RHSA-2020:4930
reference_id RHSA-2020:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4930
8
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
9
reference_url https://access.redhat.com/errata/RHSA-2020:4932
reference_id RHSA-2020:4932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4932
fixed_packages
0
url pkg:npm/keycloak-connect@12.0.0
purl pkg:npm/keycloak-connect@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-38u7-pvx6-ayb4
2
vulnerability VCID-3ajr-7d59-8ycu
3
vulnerability VCID-6gee-p7fr-1yhy
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-e5va-tex4-5yea
10
vulnerability VCID-jm25-gtrc-zuhh
11
vulnerability VCID-k6ct-rgvj-t3an
12
vulnerability VCID-pu4g-rbu2-nbdb
13
vulnerability VCID-wt2c-cyu2-kbgm
14
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@12.0.0
aliases CVE-2020-10776, GHSA-484q-784p-8m5h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa
30
url VCID-zfgf-9455-d3fe
vulnerability_id VCID-zfgf-9455-d3fe
summary 
Information Exposure
It was found that keycloak exposes internal adapter endpoints in `org.keycloak.constants.AdapterConstants`, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14820
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54547
published_at 2026-06-05T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54489
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14820
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1649870
reference_id 1649870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1649870
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14820
reference_id CVE-2019-14820
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14820
5
reference_url https://github.com/advisories/GHSA-xfqh-7356-vqjj
reference_id GHSA-xfqh-7356-vqjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xfqh-7356-vqjj
6
reference_url https://access.redhat.com/errata/RHSA-2019:3048
reference_id RHSA-2019:3048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3048
7
reference_url https://access.redhat.com/errata/RHSA-2019:3049
reference_id RHSA-2019:3049
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3049
8
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
fixed_packages
0
url pkg:npm/keycloak-connect@8.0.0
purl pkg:npm/keycloak-connect@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-361y-pegm-gqbs
2
vulnerability VCID-38u7-pvx6-ayb4
3
vulnerability VCID-3ajr-7d59-8ycu
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-cwqj-tnbj-3ubh
10
vulnerability VCID-dc8s-fqv5-1uhk
11
vulnerability VCID-e5va-tex4-5yea
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-k6ct-rgvj-t3an
14
vulnerability VCID-wgzd-wv2e-pyhy
15
vulnerability VCID-wt2c-cyu2-kbgm
16
vulnerability VCID-wuh8-4akm-2uae
17
vulnerability VCID-xbkp-kjgd-fqcx
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0
aliases CVE-2019-14820, GHSA-xfqh-7356-vqjj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zfgf-9455-d3fe
31
url VCID-zkxq-ejyr-8ba8
vulnerability_id VCID-zkxq-ejyr-8ba8
summary 
Improper Handling of Exceptional Conditions
A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1744
reference_id
reference_type
scores
0
value 0.00192
scoring_system epss
scoring_elements 0.40975
published_at 2026-06-05T12:55:00Z
1
value 0.00192
scoring_system epss
scoring_elements 0.40898
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1744
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805792
reference_id 1805792
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805792
5
reference_url https://access.redhat.com/security/cve/CVE-2020-1744
reference_id CVE-2020-1744
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2020-1744
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1744
reference_id CVE-2020-1744
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1744
7
reference_url https://github.com/advisories/GHSA-4gf2-xv97-63m2
reference_id GHSA-4gf2-xv97-63m2
reference_type
scores
url https://github.com/advisories/GHSA-4gf2-xv97-63m2
8
reference_url https://access.redhat.com/errata/RHSA-2020:0945
reference_id RHSA-2020:0945
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0945
9
reference_url https://access.redhat.com/errata/RHSA-2020:0946
reference_id RHSA-2020:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0946
10
reference_url https://access.redhat.com/errata/RHSA-2020:0947
reference_id RHSA-2020:0947
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0947
11
reference_url https://access.redhat.com/errata/RHSA-2020:0951
reference_id RHSA-2020:0951
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0951
12
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
13
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
fixed_packages
0
url pkg:npm/keycloak-connect@9.0.2
purl pkg:npm/keycloak-connect@9.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-38u7-pvx6-ayb4
2
vulnerability VCID-3ajr-7d59-8ycu
3
vulnerability VCID-6gee-p7fr-1yhy
4
vulnerability VCID-6vdm-7hxn-3kh3
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-b7wt-ds9h-9bcu
8
vulnerability VCID-crj8-4jaa-yyes
9
vulnerability VCID-dc8s-fqv5-1uhk
10
vulnerability VCID-e5va-tex4-5yea
11
vulnerability VCID-jm25-gtrc-zuhh
12
vulnerability VCID-k6ct-rgvj-t3an
13
vulnerability VCID-wgzd-wv2e-pyhy
14
vulnerability VCID-wt2c-cyu2-kbgm
15
vulnerability VCID-xbkp-kjgd-fqcx
16
vulnerability VCID-xghp-f8g9-akhn
17
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.2
aliases CVE-2020-1744, GHSA-4gf2-xv97-63m2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkxq-ejyr-8ba8
Fixing_vulnerabilities
0
url VCID-39am-wkz3-8ubu
vulnerability_id VCID-39am-wkz3-8ubu
summary 
Cross-site Scripting
When using `response_mode=form_post` it is possible to inject arbitrary Javascript-Code via the `state`-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:3592
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3592
1
reference_url https://access.redhat.com/errata/RHSA-2018:3593
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3593
2
reference_url https://access.redhat.com/errata/RHSA-2018:3595
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3595
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14655
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44743
published_at 2026-06-05T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.44673
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14655
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1625396
reference_id 1625396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1625396
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14655
reference_id CVE-2018-14655
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14655
9
reference_url https://github.com/advisories/GHSA-458h-wv48-fq75
reference_id GHSA-458h-wv48-fq75
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-458h-wv48-fq75
fixed_packages
0
url pkg:npm/keycloak-connect@4.0.0-beta.1
purl pkg:npm/keycloak-connect@4.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-5zh6-37gp-pbas
6
vulnerability VCID-6vdm-7hxn-3kh3
7
vulnerability VCID-7662-z35s-9qeq
8
vulnerability VCID-9719-srgk-33dh
9
vulnerability VCID-azxv-y5rj-vkg9
10
vulnerability VCID-b7wt-ds9h-9bcu
11
vulnerability VCID-cg94-7n2h-7fac
12
vulnerability VCID-crj8-4jaa-yyes
13
vulnerability VCID-cwqj-tnbj-3ubh
14
vulnerability VCID-dc8s-fqv5-1uhk
15
vulnerability VCID-djda-aqxt-s3e9
16
vulnerability VCID-dx7u-4d6j-cfee
17
vulnerability VCID-e5va-tex4-5yea
18
vulnerability VCID-eucs-thxn-4kfv
19
vulnerability VCID-jm25-gtrc-zuhh
20
vulnerability VCID-k6ct-rgvj-t3an
21
vulnerability VCID-p1cj-f4de-1qc4
22
vulnerability VCID-prsa-264j-mfah
23
vulnerability VCID-wgzd-wv2e-pyhy
24
vulnerability VCID-wt2c-cyu2-kbgm
25
vulnerability VCID-wuh8-4akm-2uae
26
vulnerability VCID-x24y-5nan-efg3
27
vulnerability VCID-xbkp-kjgd-fqcx
28
vulnerability VCID-xghp-f8g9-akhn
29
vulnerability VCID-y9de-4w6u-abfa
30
vulnerability VCID-zfgf-9455-d3fe
31
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.0.0-beta.1
1
url pkg:npm/keycloak-connect@4.0.0-beta.3
purl pkg:npm/keycloak-connect@4.0.0-beta.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-5zh6-37gp-pbas
6
vulnerability VCID-6vdm-7hxn-3kh3
7
vulnerability VCID-7662-z35s-9qeq
8
vulnerability VCID-9719-srgk-33dh
9
vulnerability VCID-azxv-y5rj-vkg9
10
vulnerability VCID-b7wt-ds9h-9bcu
11
vulnerability VCID-cg94-7n2h-7fac
12
vulnerability VCID-crj8-4jaa-yyes
13
vulnerability VCID-cwqj-tnbj-3ubh
14
vulnerability VCID-dc8s-fqv5-1uhk
15
vulnerability VCID-djda-aqxt-s3e9
16
vulnerability VCID-dx7u-4d6j-cfee
17
vulnerability VCID-e5va-tex4-5yea
18
vulnerability VCID-eucs-thxn-4kfv
19
vulnerability VCID-jm25-gtrc-zuhh
20
vulnerability VCID-k6ct-rgvj-t3an
21
vulnerability VCID-p1cj-f4de-1qc4
22
vulnerability VCID-prsa-264j-mfah
23
vulnerability VCID-wgzd-wv2e-pyhy
24
vulnerability VCID-wt2c-cyu2-kbgm
25
vulnerability VCID-wuh8-4akm-2uae
26
vulnerability VCID-x24y-5nan-efg3
27
vulnerability VCID-xbkp-kjgd-fqcx
28
vulnerability VCID-xghp-f8g9-akhn
29
vulnerability VCID-y9de-4w6u-abfa
30
vulnerability VCID-zfgf-9455-d3fe
31
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.0.0-beta.3
2
url pkg:npm/keycloak-connect@4.1.0
purl pkg:npm/keycloak-connect@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-5zh6-37gp-pbas
6
vulnerability VCID-6vdm-7hxn-3kh3
7
vulnerability VCID-7662-z35s-9qeq
8
vulnerability VCID-9719-srgk-33dh
9
vulnerability VCID-azxv-y5rj-vkg9
10
vulnerability VCID-b7wt-ds9h-9bcu
11
vulnerability VCID-cg94-7n2h-7fac
12
vulnerability VCID-crj8-4jaa-yyes
13
vulnerability VCID-cwqj-tnbj-3ubh
14
vulnerability VCID-dc8s-fqv5-1uhk
15
vulnerability VCID-djda-aqxt-s3e9
16
vulnerability VCID-dx7u-4d6j-cfee
17
vulnerability VCID-e5va-tex4-5yea
18
vulnerability VCID-eucs-thxn-4kfv
19
vulnerability VCID-jm25-gtrc-zuhh
20
vulnerability VCID-k6ct-rgvj-t3an
21
vulnerability VCID-p1cj-f4de-1qc4
22
vulnerability VCID-prsa-264j-mfah
23
vulnerability VCID-wgzd-wv2e-pyhy
24
vulnerability VCID-wt2c-cyu2-kbgm
25
vulnerability VCID-wuh8-4akm-2uae
26
vulnerability VCID-x24y-5nan-efg3
27
vulnerability VCID-xbkp-kjgd-fqcx
28
vulnerability VCID-xghp-f8g9-akhn
29
vulnerability VCID-y9de-4w6u-abfa
30
vulnerability VCID-zfgf-9455-d3fe
31
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.1.0
3
url pkg:npm/keycloak-connect@4.4.0
purl pkg:npm/keycloak-connect@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-5zh6-37gp-pbas
6
vulnerability VCID-6vdm-7hxn-3kh3
7
vulnerability VCID-7662-z35s-9qeq
8
vulnerability VCID-9719-srgk-33dh
9
vulnerability VCID-azxv-y5rj-vkg9
10
vulnerability VCID-b7wt-ds9h-9bcu
11
vulnerability VCID-cg94-7n2h-7fac
12
vulnerability VCID-crj8-4jaa-yyes
13
vulnerability VCID-cwqj-tnbj-3ubh
14
vulnerability VCID-dc8s-fqv5-1uhk
15
vulnerability VCID-djda-aqxt-s3e9
16
vulnerability VCID-dx7u-4d6j-cfee
17
vulnerability VCID-e5va-tex4-5yea
18
vulnerability VCID-eucs-thxn-4kfv
19
vulnerability VCID-jm25-gtrc-zuhh
20
vulnerability VCID-k6ct-rgvj-t3an
21
vulnerability VCID-p1cj-f4de-1qc4
22
vulnerability VCID-prsa-264j-mfah
23
vulnerability VCID-wgzd-wv2e-pyhy
24
vulnerability VCID-wt2c-cyu2-kbgm
25
vulnerability VCID-wuh8-4akm-2uae
26
vulnerability VCID-x24y-5nan-efg3
27
vulnerability VCID-xbkp-kjgd-fqcx
28
vulnerability VCID-xghp-f8g9-akhn
29
vulnerability VCID-y9de-4w6u-abfa
30
vulnerability VCID-zfgf-9455-d3fe
31
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.4.0
aliases CVE-2018-14655, GHSA-458h-wv48-fq75
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39am-wkz3-8ubu
1
url VCID-bj1j-1evb-wkgr
vulnerability_id VCID-bj1j-1evb-wkgr
summary 
Improper Authentication
When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:3592
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3592
1
reference_url https://access.redhat.com/errata/RHSA-2018:3593
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3593
2
reference_url https://access.redhat.com/errata/RHSA-2018:3595
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3595
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14657
reference_id
reference_type
scores
0
value 0.00346
scoring_system epss
scoring_elements 0.57481
published_at 2026-06-05T12:55:00Z
1
value 0.00346
scoring_system epss
scoring_elements 0.57428
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14657
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1625404
reference_id 1625404
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1625404
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14657
reference_id CVE-2018-14657
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14657
9
reference_url https://github.com/advisories/GHSA-85v8-vx4w-q684
reference_id GHSA-85v8-vx4w-q684
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-85v8-vx4w-q684
fixed_packages
0
url pkg:npm/keycloak-connect@4.4.0
purl pkg:npm/keycloak-connect@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-361y-pegm-gqbs
3
vulnerability VCID-38u7-pvx6-ayb4
4
vulnerability VCID-3ajr-7d59-8ycu
5
vulnerability VCID-5zh6-37gp-pbas
6
vulnerability VCID-6vdm-7hxn-3kh3
7
vulnerability VCID-7662-z35s-9qeq
8
vulnerability VCID-9719-srgk-33dh
9
vulnerability VCID-azxv-y5rj-vkg9
10
vulnerability VCID-b7wt-ds9h-9bcu
11
vulnerability VCID-cg94-7n2h-7fac
12
vulnerability VCID-crj8-4jaa-yyes
13
vulnerability VCID-cwqj-tnbj-3ubh
14
vulnerability VCID-dc8s-fqv5-1uhk
15
vulnerability VCID-djda-aqxt-s3e9
16
vulnerability VCID-dx7u-4d6j-cfee
17
vulnerability VCID-e5va-tex4-5yea
18
vulnerability VCID-eucs-thxn-4kfv
19
vulnerability VCID-jm25-gtrc-zuhh
20
vulnerability VCID-k6ct-rgvj-t3an
21
vulnerability VCID-p1cj-f4de-1qc4
22
vulnerability VCID-prsa-264j-mfah
23
vulnerability VCID-wgzd-wv2e-pyhy
24
vulnerability VCID-wt2c-cyu2-kbgm
25
vulnerability VCID-wuh8-4akm-2uae
26
vulnerability VCID-x24y-5nan-efg3
27
vulnerability VCID-xbkp-kjgd-fqcx
28
vulnerability VCID-xghp-f8g9-akhn
29
vulnerability VCID-y9de-4w6u-abfa
30
vulnerability VCID-zfgf-9455-d3fe
31
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.4.0
aliases CVE-2018-14657, GHSA-85v8-vx4w-q684
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bj1j-1evb-wkgr
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.4.0