Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/keycloak-connect@0.0.0
Typenpm
Namespace
Namekeycloak-connect
Version0.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-7j7q-m1zp-zfac
vulnerability_id VCID-7j7q-m1zp-zfac
summary 
Keycloak has lack of validation of access token on client registrations endpoint
When a service account with the create-client or manage-clients role can use the client-registration endpoints to create/manage clients with an access token.

If the access token is leaked, there is an option to revoke the specific token. However, the check is not performed in client-registration endpoints.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-0091
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:08:50Z/
url https://access.redhat.com/security/cve/CVE-2023-0091
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0091
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28257
published_at 2026-04-21T12:55:00Z
1
value 0.00104
scoring_system epss
scoring_elements 0.28302
published_at 2026-04-07T12:55:00Z
2
value 0.00104
scoring_system epss
scoring_elements 0.28367
published_at 2026-04-08T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.28411
published_at 2026-04-09T12:55:00Z
4
value 0.00104
scoring_system epss
scoring_elements 0.28414
published_at 2026-04-11T12:55:00Z
5
value 0.00104
scoring_system epss
scoring_elements 0.28371
published_at 2026-04-12T12:55:00Z
6
value 0.00104
scoring_system epss
scoring_elements 0.28313
published_at 2026-04-13T12:55:00Z
7
value 0.00104
scoring_system epss
scoring_elements 0.28325
published_at 2026-04-16T12:55:00Z
8
value 0.00104
scoring_system epss
scoring_elements 0.28303
published_at 2026-04-18T12:55:00Z
9
value 0.00104
scoring_system epss
scoring_elements 0.28469
published_at 2026-04-02T12:55:00Z
10
value 0.00104
scoring_system epss
scoring_elements 0.28511
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0091
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0091
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0091
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2158585
reference_id 2158585
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2158585
7
reference_url https://github.com/advisories/GHSA-v436-q368-hvgg
reference_id GHSA-v436-q368-hvgg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v436-q368-hvgg
fixed_packages
aliases CVE-2023-0091, GHSA-v436-q368-hvgg, GMS-2023-37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7j7q-m1zp-zfac
1
url VCID-ebn8-cjqs-k3ad
vulnerability_id VCID-ebn8-cjqs-k3ad
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:1043
1
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:1044
2
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:1045
3
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:1049
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4137.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4137.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4137
reference_id
reference_type
scores
0
value 0.00529
scoring_system epss
scoring_elements 0.67207
published_at 2026-04-08T12:55:00Z
1
value 0.00529
scoring_system epss
scoring_elements 0.6722
published_at 2026-04-09T12:55:00Z
2
value 0.00529
scoring_system epss
scoring_elements 0.6724
published_at 2026-04-11T12:55:00Z
3
value 0.00529
scoring_system epss
scoring_elements 0.67158
published_at 2026-04-07T12:55:00Z
4
value 0.00529
scoring_system epss
scoring_elements 0.67192
published_at 2026-04-13T12:55:00Z
5
value 0.00529
scoring_system epss
scoring_elements 0.67227
published_at 2026-04-16T12:55:00Z
6
value 0.00529
scoring_system epss
scoring_elements 0.67239
published_at 2026-04-18T12:55:00Z
7
value 0.00529
scoring_system epss
scoring_elements 0.67226
published_at 2026-04-12T12:55:00Z
8
value 0.00529
scoring_system epss
scoring_elements 0.67182
published_at 2026-04-04T12:55:00Z
9
value 0.00544
scoring_system epss
scoring_elements 0.67776
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4137
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2148496
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2148496
7
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
8
reference_url https://github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/30d0e9d22dae51392e5a3748a1c68c116667359a
9
reference_url https://github.com/keycloak/keycloak/pull/16774
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/16774
10
reference_url https://access.redhat.com/security/cve/CVE-2022-4137
reference_id CVE-2022-4137
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2022-4137
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4137
reference_id CVE-2022-4137
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4137
12
reference_url https://github.com/advisories/GHSA-9hhc-pj4w-w5rv
reference_id GHSA-9hhc-pj4w-w5rv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9hhc-pj4w-w5rv
13
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-9hhc-pj4w-w5rv
reference_id GHSA-9hhc-pj4w-w5rv
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-9hhc-pj4w-w5rv
fixed_packages
aliases CVE-2022-4137, GHSA-9hhc-pj4w-w5rv, GMS-2023-616
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebn8-cjqs-k3ad
2
url VCID-gp47-t3vm-57an
vulnerability_id VCID-gp47-t3vm-57an
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/errata/RHSA-2023:1043
1
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/errata/RHSA-2023:1044
2
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/errata/RHSA-2023:1045
3
reference_url https://access.redhat.com/errata/RHSA-2023:1047
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/errata/RHSA-2023:1047
4
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/errata/RHSA-2023:1049
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1438.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1438.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1438
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37716
published_at 2026-04-21T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.37645
published_at 2026-04-01T12:55:00Z
2
value 0.00166
scoring_system epss
scoring_elements 0.37827
published_at 2026-04-02T12:55:00Z
3
value 0.00166
scoring_system epss
scoring_elements 0.37853
published_at 2026-04-04T12:55:00Z
4
value 0.00166
scoring_system epss
scoring_elements 0.37731
published_at 2026-04-07T12:55:00Z
5
value 0.00166
scoring_system epss
scoring_elements 0.37781
published_at 2026-04-08T12:55:00Z
6
value 0.00166
scoring_system epss
scoring_elements 0.37794
published_at 2026-04-09T12:55:00Z
7
value 0.00166
scoring_system epss
scoring_elements 0.37808
published_at 2026-04-11T12:55:00Z
8
value 0.00166
scoring_system epss
scoring_elements 0.37773
published_at 2026-04-12T12:55:00Z
9
value 0.00166
scoring_system epss
scoring_elements 0.37748
published_at 2026-04-13T12:55:00Z
10
value 0.00166
scoring_system epss
scoring_elements 0.37796
published_at 2026-04-16T12:55:00Z
11
value 0.00166
scoring_system epss
scoring_elements 0.37776
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1438
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2031904
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2031904
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
15
reference_url https://access.redhat.com/security/cve/cve-2022-1438
reference_id CVE-2022-1438
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2022-1438
16
reference_url https://access.redhat.com/security/cve/CVE-2022-1438
reference_id CVE-2022-1438
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T15:05:51Z/
url https://access.redhat.com/security/cve/CVE-2022-1438
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1438
reference_id CVE-2022-1438
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1438
18
reference_url https://github.com/advisories/GHSA-w354-2f3c-qvg9
reference_id GHSA-w354-2f3c-qvg9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w354-2f3c-qvg9
19
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9
reference_id GHSA-w354-2f3c-qvg9
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg9
fixed_packages
aliases CVE-2022-1438, GHSA-w354-2f3c-qvg9, GMS-2023-529
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gp47-t3vm-57an
3
url VCID-xq2v-4txb-sueu
vulnerability_id VCID-xq2v-4txb-sueu
summary 
Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Impersonation and lockout are possible due to email trust not being handled correctly in Keycloak. Since the verified state is not reset when the email changes, it is possible for users to shadow others with the same email and lock out or impersonate them.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0105.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0105.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-0105
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-09T13:47:18Z/
url https://access.redhat.com/security/cve/CVE-2023-0105
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0105
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42405
published_at 2026-04-13T12:55:00Z
1
value 0.00203
scoring_system epss
scoring_elements 0.42435
published_at 2026-04-12T12:55:00Z
2
value 0.00203
scoring_system epss
scoring_elements 0.42391
published_at 2026-04-07T12:55:00Z
3
value 0.00203
scoring_system epss
scoring_elements 0.42358
published_at 2026-04-21T12:55:00Z
4
value 0.00203
scoring_system epss
scoring_elements 0.42428
published_at 2026-04-18T12:55:00Z
5
value 0.00203
scoring_system epss
scoring_elements 0.42454
published_at 2026-04-16T12:55:00Z
6
value 0.00203
scoring_system epss
scoring_elements 0.42453
published_at 2026-04-04T12:55:00Z
7
value 0.00203
scoring_system epss
scoring_elements 0.42442
published_at 2026-04-08T12:55:00Z
8
value 0.00203
scoring_system epss
scoring_elements 0.42472
published_at 2026-04-11T12:55:00Z
9
value 0.00203
scoring_system epss
scoring_elements 0.4245
published_at 2026-04-09T12:55:00Z
10
value 0.00203
scoring_system epss
scoring_elements 0.42423
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0105
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2158910
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2158910
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/87a50d3ba790b049e436c9925874f9b418af7988
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/87a50d3ba790b049e436c9925874f9b418af7988
6
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-c7xw-p58w-h6fj
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-c7xw-p58w-h6fj
7
reference_url https://github.com/advisories/GHSA-c7xw-p58w-h6fj
reference_id GHSA-c7xw-p58w-h6fj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7xw-p58w-h6fj
8
reference_url https://access.redhat.com/errata/RHSA-2023:7482
reference_id RHSA-2023:7482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7482
9
reference_url https://access.redhat.com/errata/RHSA-2023:7483
reference_id RHSA-2023:7483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7483
10
reference_url https://access.redhat.com/errata/RHSA-2023:7484
reference_id RHSA-2023:7484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7484
11
reference_url https://access.redhat.com/errata/RHSA-2023:7486
reference_id RHSA-2023:7486
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7486
12
reference_url https://access.redhat.com/errata/RHSA-2023:7488
reference_id RHSA-2023:7488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7488
fixed_packages
aliases CVE-2023-0105, GHSA-c7xw-p58w-h6fj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xq2v-4txb-sueu
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@0.0.0