Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62048?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62048?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final", "type": "maven", "namespace": "org.keycloak", "name": "keycloak-parent", "version": "3.3.0.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49913?format=api", "vulnerability_id": "VCID-1bps-7j9p-a3b6", "summary": "Keycloak Server-Side Request Forgery (SSRF) vulnerability\nA flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1518", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02184", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02178", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1518" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433727", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433727" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-1518", "reference_id": "CVE-2026-1518", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-1518" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1518", "reference_id": "CVE-2026-1518", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1518" }, { "reference_url": "https://github.com/advisories/GHSA-fwhw-chw4-gh37", "reference_id": "GHSA-fwhw-chw4-gh37", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fwhw-chw4-gh37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/581487?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@26.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rt61-271c-nkgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.3" } ], "aliases": [ "CVE-2026-1518", "GHSA-fwhw-chw4-gh37" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bps-7j9p-a3b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42329?format=api", "vulnerability_id": "VCID-2qmw-afpp-7qa8", "summary": "Improper Authentication\nA flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58974", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58922", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.5897", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1718" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756", "reference_id": "1796756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796756" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718", "reference_id": "CVE-2020-1718", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1718" }, { "reference_url": "https://github.com/advisories/GHSA-j229-2h63-rvh9", "reference_id": "GHSA-j229-2h63-rvh9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j229-2h63-rvh9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2106", "reference_id": "RHSA-2020:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2107", "reference_id": "RHSA-2020:2107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2108", "reference_id": "RHSA-2020:2108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2252", "reference_id": "RHSA-2020:2252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3196", "reference_id": "RHSA-2020:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3197", "reference_id": "RHSA-2020:3197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3197" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60518?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0" } ], "aliases": [ "CVE-2020-1718", "GHSA-j229-2h63-rvh9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qmw-afpp-7qa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40438?format=api", "vulnerability_id": "VCID-39am-wkz3-8ubu", "summary": "Cross-site Scripting\nWhen using `response_mode=form_post` it is possible to inject arbitrary Javascript-Code via the `state`-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3592", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3593", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3595", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3595" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4475", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44673", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44743", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14655" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396", "reference_id": "1625396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625396" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655", "reference_id": "CVE-2018-14655", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14655" }, { "reference_url": "https://github.com/advisories/GHSA-458h-wv48-fq75", "reference_id": "GHSA-458h-wv48-fq75", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-458h-wv48-fq75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/528963?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2qmw-afpp-7qa8" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-97sj-h6z5-gqcj" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bj1j-1evb-wkgr" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3" }, { "url": "http://public2.vulnerablecode.io/api/packages/528968?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2qmw-afpp-7qa8" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-97sj-h6z5-gqcj" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final" } ], "aliases": [ "CVE-2018-14655", "GHSA-458h-wv48-fq75" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39am-wkz3-8ubu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99853?format=api", "vulnerability_id": "VCID-48jh-8c96-3bc9", "summary": "keycloak: path traversal via double URL encoding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-3782", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-09T13:41:56Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-3782" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37942", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37849", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.3794", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3782" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971", "reference_id": "2138971", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "reference_url": "https://github.com/advisories/GHSA-g8q8-fggx-9r3q", "reference_id": "GHSA-g8q8-fggx-9r3q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g8q8-fggx-9r3q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1285", "reference_id": "RHSA-2023:1285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1661", "reference_id": "RHSA-2023:1661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2041", "reference_id": "RHSA-2023:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2135", "reference_id": "RHSA-2023:2135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3185", "reference_id": "RHSA-2023:3185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3815", "reference_id": "RHSA-2023:3815", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3815" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/581418?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@20.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67067?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@20.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2" } ], "aliases": [ "CVE-2022-3782", "GHSA-g8q8-fggx-9r3q", "GMS-2022-8407" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-48jh-8c96-3bc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5537?format=api", "vulnerability_id": "VCID-7662-z35s-9qeq", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3513", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3513" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42148", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42063", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42137", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3513" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/7976", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/7976" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3513", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439", "reference_id": "1953439", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953439" }, { "reference_url": "https://security.archlinux.org/ASA-202105-6", "reference_id": "ASA-202105-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202105-6" }, { "reference_url": "https://security.archlinux.org/AVG-1926", "reference_id": "AVG-1926", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1926" }, { "reference_url": "https://github.com/advisories/GHSA-xv7h-95r7-595j", "reference_id": "GHSA-xv7h-95r7-595j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv7h-95r7-595j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60434?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0" } ], "aliases": [ "CVE-2021-3513", "GHSA-xv7h-95r7-595j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7662-z35s-9qeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43614?format=api", "vulnerability_id": "VCID-7ddy-c7pe-97cd", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIt was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71721", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71674", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00668", "scoring_system": "epss", "scoring_elements": "0.71715", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12158" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489161" }, { "reference_url": "https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158", "reference_id": "CVE-2017-12158", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158" }, { "reference_url": "https://github.com/advisories/GHSA-v38p-mqq3-m6v5", "reference_id": "GHSA-v38p-mqq3-m6v5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v38p-mqq3-m6v5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62310?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/528959?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2qmw-afpp-7qa8" }, { "vulnerability": "VCID-39am-wkz3-8ubu" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-97sj-h6z5-gqcj" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bj1j-1evb-wkgr" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final" } ], "aliases": [ "CVE-2017-12158", "GHSA-v38p-mqq3-m6v5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ddy-c7pe-97cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102085?format=api", "vulnerability_id": "VCID-8sqn-nkzx-euec", "summary": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-2668", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.6511", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65057", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.65099", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2668" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392", "reference_id": "2115392", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "reference_url": "https://github.com/advisories/GHSA-wf7g-7h6h-678v", "reference_id": "GHSA-wf7g-7h6h-678v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wf7g-7h6h-678v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6782", "reference_id": "RHSA-2022:6782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6783", "reference_id": "RHSA-2022:6783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6787", "reference_id": "RHSA-2022:6787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7409", "reference_id": "RHSA-2022:7409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7410", "reference_id": "RHSA-2022:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7411", "reference_id": "RHSA-2022:7411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7417", "reference_id": "RHSA-2022:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146025?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@19.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2" } ], "aliases": [ "CVE-2022-2668", "GHSA-wf7g-7h6h-678v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqn-nkzx-euec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4957?format=api", "vulnerability_id": "VCID-97sj-h6z5-gqcj", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1717", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39851", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39762", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39848", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1717" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796281", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796281" }, { "reference_url": "https://issues.jboss.org/browse/KEYCLOAK-12014", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/KEYCLOAK-12014" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1717", "reference_id": "CVE-2020-1717", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1717" }, { "reference_url": "https://github.com/advisories/GHSA-rvfc-g8j5-9ccf", "reference_id": "GHSA-rvfc-g8j5-9ccf", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rvfc-g8j5-9ccf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60518?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0" } ], "aliases": [ "CVE-2020-1717", "GHSA-rvfc-g8j5-9ccf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-97sj-h6z5-gqcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42323?format=api", "vulnerability_id": "VCID-9kte-cfz7-hqa3", "summary": "Improper Certificate Validation\nA flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49016", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48946", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.49007", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1758" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-13285", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-13285" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514", "reference_id": "1812514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812514" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758", "reference_id": "CVE-2020-1758", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758" }, { "reference_url": "https://github.com/advisories/GHSA-c597-f74m-jgc2", "reference_id": "GHSA-c597-f74m-jgc2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c597-f74m-jgc2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2106", "reference_id": "RHSA-2020:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2107", "reference_id": "RHSA-2020:2107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2108", "reference_id": "RHSA-2020:2108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60507?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-6gee-p7fr-1yhy" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0" } ], "aliases": [ "CVE-2020-1758", "GHSA-c597-f74m-jgc2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kte-cfz7-hqa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46052?format=api", "vulnerability_id": "VCID-azxv-y5rj-vkg9", "summary": "Insufficient Session Expiration\nA flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8961", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8962", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8963", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8964", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8965", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2022:8965" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45543", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4547", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45539", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3916" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-3916", "reference_id": "CVE-2022-3916", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "reference_id": "CVE-2022-3916", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" }, { "reference_url": "https://github.com/advisories/GHSA-97g8-xfvw-q4hg", "reference_id": "GHSA-97g8-xfvw-q4hg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-97g8-xfvw-q4hg" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg", "reference_id": "GHSA-97g8-xfvw-q4hg", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67067?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@20.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2" } ], "aliases": [ "CVE-2022-3916", "GHSA-97g8-xfvw-q4hg", "GMS-2022-8406" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azxv-y5rj-vkg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40434?format=api", "vulnerability_id": "VCID-bj1j-1evb-wkgr", "summary": "Improper Authentication\nWhen TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3592", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3593", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3595", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3595" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.5749", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57428", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57481", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14657" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625404", "reference_id": "1625404", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625404" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14657", "reference_id": "CVE-2018-14657", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14657" }, { "reference_url": "https://github.com/advisories/GHSA-85v8-vx4w-q684", "reference_id": "GHSA-85v8-vx4w-q684", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-85v8-vx4w-q684" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/528968?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2qmw-afpp-7qa8" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-97sj-h6z5-gqcj" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/155681?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2qmw-afpp-7qa8" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-97sj-h6z5-gqcj" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final" } ], "aliases": [ "CVE-2018-14657", "GHSA-85v8-vx4w-q684" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bj1j-1evb-wkgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4955?format=api", "vulnerability_id": "VCID-gr2e-ntp4-9fdg", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29778", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29746", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29814", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1725" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765129" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-16550", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-16550" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1725", "reference_id": "CVE-2020-1725", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1725" }, { "reference_url": "https://github.com/advisories/GHSA-p225-pc2x-4jpm", "reference_id": "GHSA-p225-pc2x-4jpm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p225-pc2x-4jpm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60434?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0" } ], "aliases": [ "CVE-2020-1725", "GHSA-p225-pc2x-4jpm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2e-ntp4-9fdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42286?format=api", "vulnerability_id": "VCID-hr92-2apu-abg5", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nA vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14366", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60034", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59983", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60031", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14366" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869764", "reference_id": "1869764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869764" }, { "reference_url": "https://security.archlinux.org/AVG-1471", "reference_id": "AVG-1471", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1471" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14366", "reference_id": "CVE-2020-14366", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14366" }, { "reference_url": "https://github.com/advisories/GHSA-cp67-8w3w-6h9c", "reference_id": "GHSA-cp67-8w3w-6h9c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cp67-8w3w-6h9c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4931", "reference_id": "RHSA-2020:4931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4931" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60275?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-6gee-p7fr-1yhy" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0" } ], "aliases": [ "CVE-2020-14366", "GHSA-cp67-8w3w-6h9c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hr92-2apu-abg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102496?format=api", "vulnerability_id": "VCID-kfxs-f5j7-mfhu", "summary": "keycloak: improper input validation permits script injection", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75763", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75766", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00882", "scoring_system": "epss", "scoring_elements": "0.75738", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2256" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942", "reference_id": "2101942", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "reference_url": "https://github.com/advisories/GHSA-w9mf-83w3-fv49", "reference_id": "GHSA-w9mf-83w3-fv49", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9mf-83w3-fv49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6782", "reference_id": "RHSA-2022:6782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6783", "reference_id": "RHSA-2022:6783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6787", "reference_id": "RHSA-2022:6787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146025?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@19.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2" } ], "aliases": [ "CVE-2022-2256", "GHSA-w9mf-83w3-fv49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kfxs-f5j7-mfhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49632?format=api", "vulnerability_id": "VCID-ku7s-gnhp-a3du", "summary": "Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization\nA flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the \"Bearer\" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3947", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3947" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3948", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3948" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06527", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09225", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0707" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427768", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427768" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9", "reference_id": "cpe:/a:redhat:build_keycloak:26.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-0707", "reference_id": "CVE-2026-0707", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-0707" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707", "reference_id": "CVE-2026-0707", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707" }, { "reference_url": "https://github.com/advisories/GHSA-gv94-wp4h-vv8p", "reference_id": "GHSA-gv94-wp4h-vv8p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gv94-wp4h-vv8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/581486?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@26.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-rt61-271c-nkgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.1" } ], "aliases": [ "CVE-2026-0707", "GHSA-gv94-wp4h-vv8p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ku7s-gnhp-a3du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4952?format=api", "vulnerability_id": "VCID-qjhb-ubp5-ukdy", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3632", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3632" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66498", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.6645", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.6649", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3632" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4" }, { "reference_url": "https://github.com/keycloak/keycloak/pull/8203", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/pull/8203" }, { "reference_url": "https://issues.redhat.com/browse/KEYCLOAK-18500", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/KEYCLOAK-18500" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3632", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196", "reference_id": "1978196", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://github.com/advisories/GHSA-qpq9-jpv4-6gwr", "reference_id": "GHSA-qpq9-jpv4-6gwr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qpq9-jpv4-6gwr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/504243?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@15.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@15.1.0" } ], "aliases": [ "CVE-2021-3632", "GHSA-qpq9-jpv4-6gwr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhb-ubp5-ukdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4958?format=api", "vulnerability_id": "VCID-rb4v-3kux-4fas", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49529", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49519", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49456", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14359" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868591", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868591" }, { "reference_url": "https://github.com/keycloak/keycloak-gatekeeper", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak-gatekeeper" }, { "reference_url": "https://github.com/keycloak/keycloak/issues/12934", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/issues/12934" }, { "reference_url": "https://issues.jboss.org/browse/KEYCLOAK-14090", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/KEYCLOAK-14090" }, { "reference_url": "https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14359", "reference_id": "CVE-2020-14359", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14359" }, { "reference_url": "https://github.com/advisories/GHSA-jh6m-3pqw-242h", "reference_id": "GHSA-jh6m-3pqw-242h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jh6m-3pqw-242h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60434?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0" } ], "aliases": [ "CVE-2020-14359", "GHSA-jh6m-3pqw-242h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rb4v-3kux-4fas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43460?format=api", "vulnerability_id": "VCID-rwt9-kx6n-dfae", "summary": "Insufficient Session Expiration\nIt was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69553", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69506", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69545", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484111" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239" }, { "reference_url": "https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159", "reference_id": "CVE-2017-12159", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159" }, { "reference_url": "https://github.com/advisories/GHSA-7fmw-85qm-h22p", "reference_id": "GHSA-7fmw-85qm-h22p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7fmw-85qm-h22p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62310?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/528959?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2qmw-afpp-7qa8" }, { "vulnerability": "VCID-39am-wkz3-8ubu" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-97sj-h6z5-gqcj" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bj1j-1evb-wkgr" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final" } ], "aliases": [ "CVE-2017-12159", "GHSA-7fmw-85qm-h22p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rwt9-kx6n-dfae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41197?format=api", "vulnerability_id": "VCID-t8wj-9vkr-hbc6", "summary": "Allocation of Resources Without Limits or Throttling\nA flaw was found in keycloak-model-infinispan in keycloak where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64878", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64826", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64868", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3637" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979638", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979638" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3637", "reference_id": "CVE-2021-3637", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3637" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3527", "reference_id": "RHSA-2021:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3528", "reference_id": "RHSA-2021:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3529", "reference_id": "RHSA-2021:3529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58359?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@14.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0" } ], "aliases": [ "CVE-2021-3637", "GHSA-2vp8-jv5v-6qh6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8wj-9vkr-hbc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43316?format=api", "vulnerability_id": "VCID-u18w-zxb4-5khp", "summary": "Improper Authentication\nIt was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.69049", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.69", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.69039", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160", "reference_id": "CVE-2017-12160", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160" }, { "reference_url": "https://github.com/advisories/GHSA-qc72-gfvw-76h7", "reference_id": "GHSA-qc72-gfvw-76h7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qc72-gfvw-76h7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/528958?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2qmw-afpp-7qa8" }, { "vulnerability": "VCID-39am-wkz3-8ubu" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-7ddy-c7pe-97cd" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-97sj-h6z5-gqcj" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bj1j-1evb-wkgr" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rwt9-kx6n-dfae" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1" } ], "aliases": [ "CVE-2017-12160", "GHSA-qc72-gfvw-76h7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u18w-zxb4-5khp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42274?format=api", "vulnerability_id": "VCID-wq2e-1xds-3qah", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.58062", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.58003", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.58053", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10748" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836786", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836786" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10748", "reference_id": "CVE-2020-10748", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10748" }, { "reference_url": "https://github.com/advisories/GHSA-hgpg-593r-hhvp", "reference_id": "GHSA-hgpg-593r-hhvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hgpg-593r-hhvp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60424?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@10.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-6gee-p7fr-1yhy" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.2" } ], "aliases": [ "CVE-2020-10748", "GHSA-hgpg-593r-hhvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wq2e-1xds-3qah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46902?format=api", "vulnerability_id": "VCID-xbkp-kjgd-fqcx", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nA flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7854", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7855", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7856", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7857", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7858", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7860", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7861", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7861" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39496", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39491", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6291" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251407" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22", "reference_id": "cpe:/a:redhat:build_keycloak:22", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9", "reference_id": "cpe:/a:redhat:build_keycloak:22::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7", "reference_id": "cpe:/a:redhat:migration_toolkit_applications:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1", "reference_id": "cpe:/a:redhat:serverless:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-6291", "reference_id": "CVE-2023-6291", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-6291" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291", "reference_id": "CVE-2023-6291", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6291" }, { "reference_url": "https://github.com/advisories/GHSA-mpwq-j3xf-7m5w", "reference_id": "GHSA-mpwq-j3xf-7m5w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mpwq-j3xf-7m5w" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w", "reference_id": "GHSA-mpwq-j3xf-7m5w", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68623?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@23.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-rt61-271c-nkgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@23.0.0" } ], "aliases": [ "CVE-2023-6291", "GHSA-mpwq-j3xf-7m5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkp-kjgd-fqcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42322?format=api", "vulnerability_id": "VCID-xghp-f8g9-akhn", "summary": "Incorrect Permission Assignment for Critical Resource\nA flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51246", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51179", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51241", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1694" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790759", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790759" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1694", "reference_id": "CVE-2020-1694", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1694" }, { "reference_url": "https://github.com/advisories/GHSA-72j4-94rx-cr6w", "reference_id": "GHSA-72j4-94rx-cr6w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-72j4-94rx-cr6w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60507?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-6gee-p7fr-1yhy" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0" } ], "aliases": [ "CVE-2020-1694", "GHSA-72j4-94rx-cr6w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xghp-f8g9-akhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42330?format=api", "vulnerability_id": "VCID-y36z-qpqd-37cs", "summary": "Allocation of Resources Without Limits or Throttling\nA vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.676", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67552", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67593", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10758" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758", "reference_id": "CVE-2020-10758", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758" }, { "reference_url": "https://github.com/advisories/GHSA-52rg-hpwq-qp56", "reference_id": "GHSA-52rg-hpwq-qp56", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52rg-hpwq-qp56" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3495", "reference_id": "RHSA-2020:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3496", "reference_id": "RHSA-2020:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3497", "reference_id": "RHSA-2020:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3501", "reference_id": "RHSA-2020:3501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3539", "reference_id": "RHSA-2020:3539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3539" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60519?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@11.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-6gee-p7fr-1yhy" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@11.0.1" } ], "aliases": [ "CVE-2020-10758", "GHSA-52rg-hpwq-qp56" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y36z-qpqd-37cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42282?format=api", "vulnerability_id": "VCID-y9de-4w6u-abfa", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50807", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50741", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50801", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10776", "reference_id": "CVE-2020-10776", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10776" }, { "reference_url": "https://github.com/advisories/GHSA-484q-784p-8m5h", "reference_id": "GHSA-484q-784p-8m5h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-484q-784p-8m5h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4929", "reference_id": "RHSA-2020:4929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4930", "reference_id": "RHSA-2020:4930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4931", "reference_id": "RHSA-2020:4931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4932", "reference_id": "RHSA-2020:4932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4932" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60275?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a4q-f36b-43aq" }, { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2ju8-s2gd-b3ee" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-6gee-p7fr-1yhy" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0" } ], "aliases": [ "CVE-2020-10776", "GHSA-484q-784p-8m5h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4951?format=api", "vulnerability_id": "VCID-yn28-fcm1-zfcs", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3827", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3827" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43218", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.433", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43291", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3827" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3827", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3827" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007512", "reference_id": "2007512", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007512" }, { "reference_url": "https://security.archlinux.org/AVG-1332", "reference_id": "AVG-1332", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1332" }, { "reference_url": "https://github.com/advisories/GHSA-4pc7-vqv5-5r3v", "reference_id": "GHSA-4pc7-vqv5-5r3v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4pc7-vqv5-5r3v" }, { "reference_url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v", "reference_id": "GHSA-4pc7-vqv5-5r3v", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0151", "reference_id": "RHSA-2022:0151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0152", "reference_id": "RHSA-2022:0152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0155", "reference_id": "RHSA-2022:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0164", "reference_id": "RHSA-2022:0164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61584?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-rt61-271c-nkgk" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0" } ], "aliases": [ "CVE-2021-3827", "GHSA-4pc7-vqv5-5r3v", "GMS-2022-1098" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn28-fcm1-zfcs" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43316?format=api", "vulnerability_id": "VCID-u18w-zxb4-5khp", "summary": "Improper Authentication\nIt was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2906" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.69049", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.69", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00571", "scoring_system": "epss", "scoring_elements": "0.69039", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154" }, { "reference_url": "https://github.com/keycloak/keycloak", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/keycloak/keycloak" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160", "reference_id": "CVE-2017-12160", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12160" }, { "reference_url": "https://github.com/advisories/GHSA-qc72-gfvw-76h7", "reference_id": "GHSA-qc72-gfvw-76h7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qc72-gfvw-76h7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62048?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2qmw-afpp-7qa8" }, { "vulnerability": "VCID-39am-wkz3-8ubu" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-7ddy-c7pe-97cd" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-97sj-h6z5-gqcj" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bj1j-1evb-wkgr" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rwt9-kx6n-dfae" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-u18w-zxb4-5khp" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/528958?format=api", "purl": "pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1bps-7j9p-a3b6" }, { "vulnerability": "VCID-2qmw-afpp-7qa8" }, { "vulnerability": "VCID-39am-wkz3-8ubu" }, { "vulnerability": "VCID-48jh-8c96-3bc9" }, { "vulnerability": "VCID-7662-z35s-9qeq" }, { "vulnerability": "VCID-7ddy-c7pe-97cd" }, { "vulnerability": "VCID-8sqn-nkzx-euec" }, { "vulnerability": "VCID-97sj-h6z5-gqcj" }, { "vulnerability": "VCID-9kte-cfz7-hqa3" }, { "vulnerability": "VCID-azxv-y5rj-vkg9" }, { "vulnerability": "VCID-bj1j-1evb-wkgr" }, { "vulnerability": "VCID-gr2e-ntp4-9fdg" }, { "vulnerability": "VCID-hr92-2apu-abg5" }, { "vulnerability": "VCID-kfxs-f5j7-mfhu" }, { "vulnerability": "VCID-ku7s-gnhp-a3du" }, { "vulnerability": "VCID-qjhb-ubp5-ukdy" }, { "vulnerability": "VCID-rb4v-3kux-4fas" }, { "vulnerability": "VCID-rwt9-kx6n-dfae" }, { "vulnerability": "VCID-t8wj-9vkr-hbc6" }, { "vulnerability": "VCID-wq2e-1xds-3qah" }, { "vulnerability": "VCID-xbkp-kjgd-fqcx" }, { "vulnerability": "VCID-xghp-f8g9-akhn" }, { "vulnerability": "VCID-y36z-qpqd-37cs" }, { "vulnerability": "VCID-y9de-4w6u-abfa" }, { "vulnerability": "VCID-yn28-fcm1-zfcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1" } ], "aliases": [ "CVE-2017-12160", "GHSA-qc72-gfvw-76h7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u18w-zxb4-5khp" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final" }