Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-server-spi-private@21.0.2
Typemaven
Namespaceorg.keycloak
Namekeycloak-server-spi-private
Version21.0.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version26.6.0
Latest_non_vulnerable_version26.6.0
Affected_by_vulnerabilities
0
url VCID-jh5h-pp29-1kbr
vulnerability_id VCID-jh5h-pp29-1kbr
summary 
Client Spoofing within the Keycloak Device Authorisation Grant
Under certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a device_code to retrieve an access token for other OAuth clients.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:3883
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:3883
1
reference_url https://access.redhat.com/errata/RHSA-2023:3884
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:3884
2
reference_url https://access.redhat.com/errata/RHSA-2023:3885
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:3885
3
reference_url https://access.redhat.com/errata/RHSA-2023:3888
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:3888
4
reference_url https://access.redhat.com/errata/RHSA-2023:3892
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:3892
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json
6
reference_url https://access.redhat.com/security/cve/CVE-2023-2585
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-2585
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2585
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.2974
published_at 2026-04-18T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.29872
published_at 2026-04-02T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29918
published_at 2026-04-04T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29734
published_at 2026-04-07T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29796
published_at 2026-04-08T12:55:00Z
5
value 0.00112
scoring_system epss
scoring_elements 0.29831
published_at 2026-04-09T12:55:00Z
6
value 0.00112
scoring_system epss
scoring_elements 0.29841
published_at 2026-04-11T12:55:00Z
7
value 0.00112
scoring_system epss
scoring_elements 0.29795
published_at 2026-04-12T12:55:00Z
8
value 0.00112
scoring_system epss
scoring_elements 0.29744
published_at 2026-04-13T12:55:00Z
9
value 0.00112
scoring_system epss
scoring_elements 0.29762
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2585
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2196335
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2196335
9
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
10
reference_url https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2585
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2585
12
reference_url https://github.com/advisories/GHSA-f5h4-wmp5-xhg6
reference_id GHSA-f5h4-wmp5-xhg6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f5h4-wmp5-xhg6
13
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6
reference_id GHSA-f5h4-wmp5-xhg6
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-server-spi-private@21.1.2
purl pkg:maven/org.keycloak/keycloak-server-spi-private@21.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jrds-3wks-aybe
1
vulnerability VCID-nhe2-8dtq-gqbf
2
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@21.1.2
aliases CVE-2023-2585, GHSA-f5h4-wmp5-xhg6
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jh5h-pp29-1kbr
1
url VCID-jrds-3wks-aybe
vulnerability_id VCID-jrds-3wks-aybe
summary 
Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes
A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:2365
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/
url https://access.redhat.com/errata/RHSA-2026:2365
1
reference_url https://access.redhat.com/errata/RHSA-2026:2366
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/
url https://access.redhat.com/errata/RHSA-2026:2366
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0871.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0871.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-0871
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/
url https://access.redhat.com/security/cve/CVE-2026-0871
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0871
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10137
published_at 2026-04-04T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10001
published_at 2026-04-18T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10024
published_at 2026-04-16T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.10151
published_at 2026-04-13T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.10211
published_at 2026-04-11T12:55:00Z
5
value 0.00034
scoring_system epss
scoring_elements 0.10171
published_at 2026-04-12T12:55:00Z
6
value 0.00034
scoring_system epss
scoring_elements 0.10111
published_at 2026-04-08T12:55:00Z
7
value 0.00034
scoring_system epss
scoring_elements 0.10034
published_at 2026-04-07T12:55:00Z
8
value 0.00034
scoring_system epss
scoring_elements 0.10076
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0871
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428881
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2428881
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/9d0f679ecea405958f167fcd0f4a6db6ae32c3fa
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9d0f679ecea405958f167fcd0f4a6db6ae32c3fa
8
reference_url https://github.com/keycloak/keycloak/issues/45873
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45873
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0871
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0871
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
14
reference_url https://github.com/advisories/GHSA-v4jw-m6rm-399h
reference_id GHSA-v4jw-m6rm-399h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v4jw-m6rm-399h
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2
purl pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2
aliases CVE-2026-0871, GHSA-v4jw-m6rm-399h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrds-3wks-aybe
2
url VCID-nhe2-8dtq-gqbf
vulnerability_id VCID-nhe2-8dtq-gqbf
summary 
URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7854
1
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7855
2
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7856
3
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7857
4
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7858
5
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7860
6
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7861
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39708
published_at 2026-04-18T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39721
published_at 2026-04-02T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39743
published_at 2026-04-04T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39661
published_at 2026-04-07T12:55:00Z
4
value 0.00181
scoring_system epss
scoring_elements 0.39715
published_at 2026-04-08T12:55:00Z
5
value 0.00181
scoring_system epss
scoring_elements 0.3973
published_at 2026-04-09T12:55:00Z
6
value 0.00181
scoring_system epss
scoring_elements 0.39739
published_at 2026-04-11T12:55:00Z
7
value 0.00181
scoring_system epss
scoring_elements 0.39703
published_at 2026-04-12T12:55:00Z
8
value 0.00181
scoring_system epss
scoring_elements 0.39687
published_at 2026-04-13T12:55:00Z
9
value 0.00181
scoring_system epss
scoring_elements 0.39737
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
10
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
11
reference_url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id cpe:/a:redhat:build_keycloak:22
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id cpe:/a:redhat:serverless:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
29
reference_url https://access.redhat.com/security/cve/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/security/cve/CVE-2023-6291
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
31
reference_url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
32
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-server-spi-private@23.0.0
purl pkg:maven/org.keycloak/keycloak-server-spi-private@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jrds-3wks-aybe
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@23.0.0
aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe2-8dtq-gqbf
3
url VCID-y1h3-yyn9-53fr
vulnerability_id VCID-y1h3-yyn9-53fr
summary 
Keycloak: Unauthorized authentication via disabled SAML Identity Provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3925
1
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3926
2
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3947
3
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3948
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
5
reference_url https://access.redhat.com/security/cve/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/security/cve/CVE-2026-2603
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.3858
published_at 2026-04-04T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38518
published_at 2026-04-11T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38504
published_at 2026-04-09T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38495
published_at 2026-04-08T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38444
published_at 2026-04-07T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38556
published_at 2026-04-02T12:55:00Z
6
value 0.00227
scoring_system epss
scoring_elements 0.45478
published_at 2026-04-18T12:55:00Z
7
value 0.00227
scoring_system epss
scoring_elements 0.45429
published_at 2026-04-12T12:55:00Z
8
value 0.00227
scoring_system epss
scoring_elements 0.4543
published_at 2026-04-13T12:55:00Z
9
value 0.00227
scoring_system epss
scoring_elements 0.45482
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
10
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
11
reference_url https://github.com/keycloak/keycloak/pull/46932
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46932
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
15
reference_url https://github.com/advisories/GHSA-x4p7-7chp-64hq
reference_id GHSA-x4p7-7chp-64hq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4p7-7chp-64hq
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-server-spi-private@26.6.0
purl pkg:maven/org.keycloak/keycloak-server-spi-private@26.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.6.0
aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1h3-yyn9-53fr
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@21.0.2