Package Instance

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2026-1518

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id	cpe:/a:redhat:build_keycloak:
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:

reference_url

reference_id

CVE-2026-1518

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/

url

https://access.redhat.com/security/cve/CVE-2026-1518

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-1518

reference_id

CVE-2026-1518

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-1518

reference_url

https://github.com/advisories/GHSA-fwhw-chw4-gh37

reference_id

GHSA-fwhw-chw4-gh37

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fwhw-chw4-gh37

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@26.5.3

purl pkg:maven/org.keycloak/keycloak-parent@26.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rt61-271c-nkgk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.3

aliases CVE-2026-1518, GHSA-fwhw-chw4-gh37

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bps-7j9p-a3b6

url VCID-2qmw-afpp-7qa8

vulnerability_id VCID-2qmw-afpp-7qa8

summary

Improper Authentication
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1718

reference_id

reference_type

scores

value	0.00367
scoring_system	epss
scoring_elements	0.5897
published_at	2026-06-05T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58922
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1718

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1796756
reference_id	1796756
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1796756

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1718

reference_id

CVE-2020-1718

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1718

reference_url

https://github.com/advisories/GHSA-j229-2h63-rvh9

reference_id

GHSA-j229-2h63-rvh9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j229-2h63-rvh9

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@8.0.0

purl pkg:maven/org.keycloak/keycloak-parent@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hr92-2apu-abg5

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-wq2e-1xds-3qah

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-xghp-f8g9-akhn

vulnerability	VCID-y36z-qpqd-37cs

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0

aliases CVE-2020-1718, GHSA-j229-2h63-rvh9

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qmw-afpp-7qa8

url VCID-39am-wkz3-8ubu

vulnerability_id VCID-39am-wkz3-8ubu

summary

Cross-site Scripting
When using `response_mode=form_post` it is possible to inject arbitrary Javascript-Code via the `state`-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.

references

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14655

reference_id

reference_type

scores

value	0.0022
scoring_system	epss
scoring_elements	0.44743
published_at	2026-06-05T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44673
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14655

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14655

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1625396
reference_id	1625396
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1625396

reference_url

reference_id

CVE-2018-14655

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14655

reference_url

https://github.com/advisories/GHSA-458h-wv48-fq75

reference_id

GHSA-458h-wv48-fq75

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-458h-wv48-fq75

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final

purl pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-97sj-h6z5-gqcj

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hr92-2apu-abg5

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-wq2e-1xds-3qah

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-xghp-f8g9-akhn

vulnerability	VCID-y36z-qpqd-37cs

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final

aliases CVE-2018-14655, GHSA-458h-wv48-fq75

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39am-wkz3-8ubu

url VCID-48jh-8c96-3bc9

vulnerability_id VCID-48jh-8c96-3bc9

summary keycloak: path traversal via double URL encoding

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json

reference_url

https://access.redhat.com/security/cve/CVE-2022-3782

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-09T13:41:56Z/

url

https://access.redhat.com/security/cve/CVE-2022-3782

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3782

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.3794
published_at	2026-06-05T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37849
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3782

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3782

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3782

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2138971
reference_id	2138971
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2138971

reference_url	https://github.com/advisories/GHSA-g8q8-fggx-9r3q
reference_id	GHSA-g8q8-fggx-9r3q
reference_type
scores
url	https://github.com/advisories/GHSA-g8q8-fggx-9r3q

reference_url	https://access.redhat.com/errata/RHSA-2023:1285
reference_id	RHSA-2023:1285
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1285

reference_url	https://access.redhat.com/errata/RHSA-2023:1661
reference_id	RHSA-2023:1661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1661

reference_url	https://access.redhat.com/errata/RHSA-2023:2041
reference_id	RHSA-2023:2041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2041

reference_url	https://access.redhat.com/errata/RHSA-2023:2135
reference_id	RHSA-2023:2135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2135

reference_url	https://access.redhat.com/errata/RHSA-2023:3185
reference_id	RHSA-2023:3185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3185

reference_url	https://access.redhat.com/errata/RHSA-2023:3815
reference_id	RHSA-2023:3815
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3815

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@20.0.1

purl pkg:maven/org.keycloak/keycloak-parent@20.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.1

url pkg:maven/org.keycloak/keycloak-parent@20.0.2

purl pkg:maven/org.keycloak/keycloak-parent@20.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2

aliases CVE-2022-3782, GHSA-g8q8-fggx-9r3q, GMS-2022-8407

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48jh-8c96-3bc9

url VCID-7662-z35s-9qeq

vulnerability_id VCID-7662-z35s-9qeq

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json

reference_url

https://access.redhat.com/security/cve/CVE-2021-3513

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2021-3513

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3513

reference_id

reference_type

scores

value	0.00201
scoring_system	epss
scoring_elements	0.42063
published_at	2026-06-04T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42137
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3513

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7976

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7976

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3513

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3513

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1953439

reference_id

1953439

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1953439

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

https://security.archlinux.org/AVG-1926

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1926

reference_url

https://github.com/advisories/GHSA-xv7h-95r7-595j

reference_id

GHSA-xv7h-95r7-595j

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xv7h-95r7-595j

reference_url	https://access.redhat.com/errata/RHSA-2021:3527
reference_id	RHSA-2021:3527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3527

reference_url	https://access.redhat.com/errata/RHSA-2021:3528
reference_id	RHSA-2021:3528
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3528

reference_url	https://access.redhat.com/errata/RHSA-2021:3529
reference_id	RHSA-2021:3529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3529

reference_url	https://access.redhat.com/errata/RHSA-2021:3534
reference_id	RHSA-2021:3534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3534

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@13.0.0

purl pkg:maven/org.keycloak/keycloak-parent@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a4q-f36b-43aq

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0

aliases CVE-2021-3513, GHSA-xv7h-95r7-595j

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7662-z35s-9qeq

url VCID-8sqn-nkzx-euec

vulnerability_id VCID-8sqn-nkzx-euec

summary keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json

reference_url

https://access.redhat.com/security/cve/CVE-2022-2668

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2022-2668

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2668

reference_id

reference_type

scores

value	0.00473
scoring_system	epss
scoring_elements	0.65099
published_at	2026-06-05T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.65057
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2668

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2668

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2668

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2115392

reference_id

2115392

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2115392

reference_url

https://github.com/advisories/GHSA-wf7g-7h6h-678v

reference_id

GHSA-wf7g-7h6h-678v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wf7g-7h6h-678v

reference_url	https://access.redhat.com/errata/RHSA-2022:6782
reference_id	RHSA-2022:6782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6782

reference_url	https://access.redhat.com/errata/RHSA-2022:6783
reference_id	RHSA-2022:6783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6783

reference_url	https://access.redhat.com/errata/RHSA-2022:6787
reference_id	RHSA-2022:6787
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6787

reference_url	https://access.redhat.com/errata/RHSA-2022:7409
reference_id	RHSA-2022:7409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7409

reference_url	https://access.redhat.com/errata/RHSA-2022:7410
reference_id	RHSA-2022:7410
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7410

reference_url	https://access.redhat.com/errata/RHSA-2022:7411
reference_id	RHSA-2022:7411
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7411

reference_url	https://access.redhat.com/errata/RHSA-2022:7417
reference_id	RHSA-2022:7417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7417

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@19.0.2

purl pkg:maven/org.keycloak/keycloak-parent@19.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2

aliases CVE-2022-2668, GHSA-wf7g-7h6h-678v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqn-nkzx-euec

url VCID-97sj-h6z5-gqcj

vulnerability_id VCID-97sj-h6z5-gqcj

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1717

reference_id

reference_type

scores

value	0.00183
scoring_system	epss
scoring_elements	0.39848
published_at	2026-06-05T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.39762
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1717

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1796281

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1796281

reference_url

https://issues.jboss.org/browse/KEYCLOAK-12014

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/KEYCLOAK-12014

reference_url

reference_id

AVG-1332

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1717

reference_url

reference_id

CVE-2020-1717

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1717

reference_url

https://github.com/advisories/GHSA-rvfc-g8j5-9ccf

reference_id

GHSA-rvfc-g8j5-9ccf

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rvfc-g8j5-9ccf

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@8.0.0

purl pkg:maven/org.keycloak/keycloak-parent@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hr92-2apu-abg5

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-wq2e-1xds-3qah

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-xghp-f8g9-akhn

vulnerability	VCID-y36z-qpqd-37cs

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0

aliases CVE-2020-1717, GHSA-rvfc-g8j5-9ccf

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-97sj-h6z5-gqcj

url VCID-9kte-cfz7-hqa3

vulnerability_id VCID-9kte-cfz7-hqa3

summary

Improper Certificate Validation
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1758

reference_id

reference_type

scores

value	0.00254
scoring_system	epss
scoring_elements	0.49007
published_at	2026-06-05T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48946
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1758

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758

reference_url

https://issues.redhat.com/browse/KEYCLOAK-13285

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-13285

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1812514
reference_id	1812514
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1812514

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1758

reference_id

CVE-2020-1758

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1758

reference_url

https://github.com/advisories/GHSA-c597-f74m-jgc2

reference_id

GHSA-c597-f74m-jgc2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c597-f74m-jgc2

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@10.0.0

purl pkg:maven/org.keycloak/keycloak-parent@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hr92-2apu-abg5

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-wq2e-1xds-3qah

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-y36z-qpqd-37cs

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0

aliases CVE-2020-1758, GHSA-c597-f74m-jgc2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kte-cfz7-hqa3

url VCID-azxv-y5rj-vkg9

vulnerability_id VCID-azxv-y5rj-vkg9

summary

Insufficient Session Expiration
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

references

reference_url

https://access.redhat.com/errata/RHSA-2022:8961

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8961

reference_url

https://access.redhat.com/errata/RHSA-2022:8962

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8962

reference_url

https://access.redhat.com/errata/RHSA-2022:8963

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8963

reference_url

https://access.redhat.com/errata/RHSA-2022:8964

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8964

reference_url

https://access.redhat.com/errata/RHSA-2022:8965

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2022:8965

reference_url

https://access.redhat.com/errata/RHSA-2023:1043

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1043

reference_url

https://access.redhat.com/errata/RHSA-2023:1044

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1044

reference_url

https://access.redhat.com/errata/RHSA-2023:1045

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1045

reference_url

https://access.redhat.com/errata/RHSA-2023:1047

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1047

reference_url

https://access.redhat.com/errata/RHSA-2023:1049

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/errata/RHSA-2023:1049

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3916

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45539
published_at	2026-06-05T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.4547
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3916

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2141404

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2141404

reference_url

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2022-3916

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url

reference_id

CVE-2022-3916

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/

url

https://access.redhat.com/security/cve/CVE-2022-3916

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-3916

reference_id

CVE-2022-3916

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-3916

reference_url	https://github.com/advisories/GHSA-97g8-xfvw-q4hg
reference_id	GHSA-97g8-xfvw-q4hg
reference_type
scores
url	https://github.com/advisories/GHSA-97g8-xfvw-q4hg

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg

reference_id

GHSA-97g8-xfvw-q4hg

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@20.0.2

purl pkg:maven/org.keycloak/keycloak-parent@20.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2

aliases CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azxv-y5rj-vkg9

url VCID-bj1j-1evb-wkgr

vulnerability_id VCID-bj1j-1evb-wkgr

summary

Improper Authentication
When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.

references

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14657

reference_id

reference_type

scores

value	0.00346
scoring_system	epss
scoring_elements	0.57481
published_at	2026-06-05T12:55:00Z

value	0.00346
scoring_system	epss
scoring_elements	0.57428
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14657

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14657

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1625404
reference_id	1625404
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1625404

reference_url

reference_id

CVE-2018-14657

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14657

reference_url

https://github.com/advisories/GHSA-85v8-vx4w-q684

reference_id

GHSA-85v8-vx4w-q684

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-85v8-vx4w-q684

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final

purl pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-97sj-h6z5-gqcj

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hr92-2apu-abg5

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-wq2e-1xds-3qah

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-xghp-f8g9-akhn

vulnerability	VCID-y36z-qpqd-37cs

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final

url pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final

purl pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-97sj-h6z5-gqcj

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hr92-2apu-abg5

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-wq2e-1xds-3qah

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-xghp-f8g9-akhn

vulnerability	VCID-y36z-qpqd-37cs

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final

aliases CVE-2018-14657, GHSA-85v8-vx4w-q684

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bj1j-1evb-wkgr

url VCID-gr2e-ntp4-9fdg

vulnerability_id VCID-gr2e-ntp4-9fdg

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1725

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.29814
published_at	2026-06-05T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29746
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1725

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1765129

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1765129

reference_url

https://issues.redhat.com/browse/KEYCLOAK-16550

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-16550

reference_url

reference_id

AVG-1332

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1725

reference_url

reference_id

CVE-2020-1725

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1725

reference_url

https://github.com/advisories/GHSA-p225-pc2x-4jpm

reference_id

GHSA-p225-pc2x-4jpm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p225-pc2x-4jpm

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@13.0.0

purl pkg:maven/org.keycloak/keycloak-parent@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a4q-f36b-43aq

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0

aliases CVE-2020-1725, GHSA-p225-pc2x-4jpm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2e-ntp4-9fdg

url VCID-hr92-2apu-abg5

vulnerability_id VCID-hr92-2apu-abg5

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14366

reference_id

reference_type

scores

value	0.00384
scoring_system	epss
scoring_elements	0.60031
published_at	2026-06-05T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59983
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14366

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1869764
reference_id	1869764
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1869764

reference_url

https://security.archlinux.org/AVG-1471

reference_id

AVG-1471

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1471

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14366

reference_id

CVE-2020-14366

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14366

reference_url

https://github.com/advisories/GHSA-cp67-8w3w-6h9c

reference_id

GHSA-cp67-8w3w-6h9c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cp67-8w3w-6h9c

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@12.0.0

purl pkg:maven/org.keycloak/keycloak-parent@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a4q-f36b-43aq

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0

aliases CVE-2020-14366, GHSA-cp67-8w3w-6h9c

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hr92-2apu-abg5

url VCID-kfxs-f5j7-mfhu

vulnerability_id VCID-kfxs-f5j7-mfhu

summary keycloak: improper input validation permits script injection

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2256

reference_id

reference_type

scores

value	0.00882
scoring_system	epss
scoring_elements	0.75738
published_at	2026-06-04T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75766
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2256

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2256

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2256

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2101942

reference_id

2101942

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2101942

reference_url

https://github.com/advisories/GHSA-w9mf-83w3-fv49

reference_id

GHSA-w9mf-83w3-fv49

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w9mf-83w3-fv49

reference_url	https://access.redhat.com/errata/RHSA-2022:6782
reference_id	RHSA-2022:6782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6782

reference_url	https://access.redhat.com/errata/RHSA-2022:6783
reference_id	RHSA-2022:6783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6783

reference_url	https://access.redhat.com/errata/RHSA-2022:6787
reference_id	RHSA-2022:6787
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6787

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@19.0.2

purl pkg:maven/org.keycloak/keycloak-parent@19.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-xbkp-kjgd-fqcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2

aliases CVE-2022-2256, GHSA-w9mf-83w3-fv49

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfxs-f5j7-mfhu

url VCID-ku7s-gnhp-a3du

vulnerability_id VCID-ku7s-gnhp-a3du

summary

Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.

references

reference_url

https://access.redhat.com/errata/RHSA-2026:3947

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/

url

https://access.redhat.com/errata/RHSA-2026:3947

reference_url

https://access.redhat.com/errata/RHSA-2026:3948

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/

url

https://access.redhat.com/errata/RHSA-2026:3948

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0707

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.09225
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0707

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2427768

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2427768

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2026-0707

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url

reference_id

CVE-2026-0707

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/

url

https://access.redhat.com/security/cve/CVE-2026-0707

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-0707

reference_id

CVE-2026-0707

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-0707

reference_url

https://github.com/advisories/GHSA-gv94-wp4h-vv8p

reference_id

GHSA-gv94-wp4h-vv8p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gv94-wp4h-vv8p

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@26.5.1

purl pkg:maven/org.keycloak/keycloak-parent@26.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-rt61-271c-nkgk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.1

aliases CVE-2026-0707, GHSA-gv94-wp4h-vv8p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ku7s-gnhp-a3du

url VCID-qjhb-ubp5-ukdy

vulnerability_id VCID-qjhb-ubp5-ukdy

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json

reference_url

https://access.redhat.com/security/cve/CVE-2021-3632

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2021-3632

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3632

reference_id

reference_type

scores

value	0.00503
scoring_system	epss
scoring_elements	0.6649
published_at	2026-06-05T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.6645
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3632

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4

reference_url

https://github.com/keycloak/keycloak/pull/8203

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/8203

reference_url

https://issues.redhat.com/browse/KEYCLOAK-18500

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-18500

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3632

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3632

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1978196

reference_id

1978196

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1978196

reference_url

reference_id

AVG-1332

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-qpq9-jpv4-6gwr

reference_url

reference_id

GHSA-qpq9-jpv4-6gwr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qpq9-jpv4-6gwr

reference_url	https://access.redhat.com/errata/RHSA-2021:3527
reference_id	RHSA-2021:3527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3527

reference_url	https://access.redhat.com/errata/RHSA-2021:3528
reference_id	RHSA-2021:3528
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3528

reference_url	https://access.redhat.com/errata/RHSA-2021:3529
reference_id	RHSA-2021:3529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3529

reference_url	https://access.redhat.com/errata/RHSA-2021:3534
reference_id	RHSA-2021:3534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3534

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@15.1.0

purl pkg:maven/org.keycloak/keycloak-parent@15.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a4q-f36b-43aq

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@15.1.0

aliases CVE-2021-3632, GHSA-qpq9-jpv4-6gwr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhb-ubp5-ukdy

url VCID-rb4v-3kux-4fas

vulnerability_id VCID-rb4v-3kux-4fas

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14359

reference_id

reference_type

scores

value	0.00259
scoring_system	epss
scoring_elements	0.49519
published_at	2026-06-05T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49456
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14359

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1868591

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1868591

reference_url

https://github.com/keycloak/keycloak-gatekeeper

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-gatekeeper

reference_url

https://github.com/keycloak/keycloak/issues/12934

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/12934

reference_url

https://issues.jboss.org/browse/KEYCLOAK-14090

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/KEYCLOAK-14090

reference_url

https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper

reference_url

reference_id

AVG-1332

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14359

reference_url

reference_id

CVE-2020-14359

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14359

reference_url	https://github.com/advisories/GHSA-jh6m-3pqw-242h
reference_id	GHSA-jh6m-3pqw-242h
reference_type
scores
url	https://github.com/advisories/GHSA-jh6m-3pqw-242h

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@13.0.0

purl pkg:maven/org.keycloak/keycloak-parent@13.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a4q-f36b-43aq

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0

aliases CVE-2020-14359, GHSA-jh6m-3pqw-242h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rb4v-3kux-4fas

url VCID-t8wj-9vkr-hbc6

vulnerability_id VCID-t8wj-9vkr-hbc6

summary

Allocation of Resources Without Limits or Throttling
A flaw was found in keycloak-model-infinispan in keycloak where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3637

reference_id

reference_type

scores

value	0.00468
scoring_system	epss
scoring_elements	0.64868
published_at	2026-06-05T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.64826
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3637

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1979638

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1979638

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3637

reference_id

CVE-2021-3637

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3637

reference_url	https://access.redhat.com/errata/RHSA-2021:3527
reference_id	RHSA-2021:3527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3527

reference_url	https://access.redhat.com/errata/RHSA-2021:3528
reference_id	RHSA-2021:3528
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3528

reference_url	https://access.redhat.com/errata/RHSA-2021:3529
reference_id	RHSA-2021:3529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3529

reference_url	https://access.redhat.com/errata/RHSA-2021:3534
reference_id	RHSA-2021:3534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3534

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@14.0.0

purl pkg:maven/org.keycloak/keycloak-parent@14.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a4q-f36b-43aq

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0

aliases CVE-2021-3637, GHSA-2vp8-jv5v-6qh6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8wj-9vkr-hbc6

url VCID-wq2e-1xds-3qah

vulnerability_id VCID-wq2e-1xds-3qah

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10748

reference_id

reference_type

scores

value	0.00354
scoring_system	epss
scoring_elements	0.58053
published_at	2026-06-05T12:55:00Z

value	0.00354
scoring_system	epss
scoring_elements	0.58003
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10748

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1836786

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1836786

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10748

reference_id

CVE-2020-10748

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10748

reference_url

https://github.com/advisories/GHSA-hgpg-593r-hhvp

reference_id

GHSA-hgpg-593r-hhvp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hgpg-593r-hhvp

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@10.0.2

purl pkg:maven/org.keycloak/keycloak-parent@10.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hr92-2apu-abg5

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-y36z-qpqd-37cs

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.2

aliases CVE-2020-10748, GHSA-hgpg-593r-hhvp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wq2e-1xds-3qah

url VCID-xbkp-kjgd-fqcx

vulnerability_id VCID-xbkp-kjgd-fqcx

summary

URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:7854

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7854

reference_url

https://access.redhat.com/errata/RHSA-2023:7855

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7855

reference_url

https://access.redhat.com/errata/RHSA-2023:7856

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7856

reference_url

https://access.redhat.com/errata/RHSA-2023:7857

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7857

reference_url

https://access.redhat.com/errata/RHSA-2023:7858

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7858

reference_url

https://access.redhat.com/errata/RHSA-2023:7860

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7860

reference_url

https://access.redhat.com/errata/RHSA-2023:7861

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/errata/RHSA-2023:7861

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6291

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39491
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6291

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2251407

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2251407

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id	cpe:/a:redhat:build_keycloak:22
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id	cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id	cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id	cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id	cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id	cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id	cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id	cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id	cpe:/a:redhat:serverless:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1

reference_url

https://access.redhat.com/security/cve/CVE-2023-6291

reference_id

CVE-2023-6291

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/

url

https://access.redhat.com/security/cve/CVE-2023-6291

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

reference_id

CVE-2023-6291

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-6291

reference_url	https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
reference_id	GHSA-mpwq-j3xf-7m5w
reference_type
scores
url	https://github.com/advisories/GHSA-mpwq-j3xf-7m5w

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w

reference_id

GHSA-mpwq-j3xf-7m5w

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@23.0.0

purl pkg:maven/org.keycloak/keycloak-parent@23.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-rt61-271c-nkgk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@23.0.0

aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkp-kjgd-fqcx

url VCID-xghp-f8g9-akhn

vulnerability_id VCID-xghp-f8g9-akhn

summary

Incorrect Permission Assignment for Critical Resource
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1694

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.51241
published_at	2026-06-05T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51179
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1694

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1790759

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1790759

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1694

reference_id

CVE-2020-1694

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1694

reference_url

https://github.com/advisories/GHSA-72j4-94rx-cr6w

reference_id

GHSA-72j4-94rx-cr6w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-72j4-94rx-cr6w

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@10.0.0

purl pkg:maven/org.keycloak/keycloak-parent@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hr92-2apu-abg5

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-wq2e-1xds-3qah

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-y36z-qpqd-37cs

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0

aliases CVE-2020-1694, GHSA-72j4-94rx-cr6w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xghp-f8g9-akhn

url VCID-y36z-qpqd-37cs

vulnerability_id VCID-y36z-qpqd-37cs

summary

Allocation of Resources Without Limits or Throttling
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10758

reference_id

reference_type

scores

value	0.00529
scoring_system	epss
scoring_elements	0.67593
published_at	2026-06-05T12:55:00Z

value	0.00529
scoring_system	epss
scoring_elements	0.67552
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10758

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1843849

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1843849

reference_url

https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10758

reference_id

CVE-2020-10758

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10758

reference_url

https://github.com/advisories/GHSA-52rg-hpwq-qp56

reference_id

GHSA-52rg-hpwq-qp56

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-52rg-hpwq-qp56

reference_url	https://access.redhat.com/errata/RHSA-2020:3495
reference_id	RHSA-2020:3495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3495

reference_url	https://access.redhat.com/errata/RHSA-2020:3496
reference_id	RHSA-2020:3496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3496

reference_url	https://access.redhat.com/errata/RHSA-2020:3497
reference_id	RHSA-2020:3497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3497

reference_url	https://access.redhat.com/errata/RHSA-2020:3501
reference_id	RHSA-2020:3501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3501

reference_url	https://access.redhat.com/errata/RHSA-2020:3539
reference_id	RHSA-2020:3539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3539

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@11.0.1

purl pkg:maven/org.keycloak/keycloak-parent@11.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hr92-2apu-abg5

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@11.0.1

aliases CVE-2020-10758, GHSA-52rg-hpwq-qp56

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y36z-qpqd-37cs

url VCID-y9de-4w6u-abfa

vulnerability_id VCID-y9de-4w6u-abfa

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10776

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50801
published_at	2026-06-05T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50741
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10776

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1847428

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1847428

reference_url

https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10776

reference_id

CVE-2020-10776

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10776

reference_url

https://github.com/advisories/GHSA-484q-784p-8m5h

reference_id

GHSA-484q-784p-8m5h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-484q-784p-8m5h

reference_url	https://access.redhat.com/errata/RHSA-2020:4929
reference_id	RHSA-2020:4929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4929

reference_url	https://access.redhat.com/errata/RHSA-2020:4930
reference_id	RHSA-2020:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4930

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4932
reference_id	RHSA-2020:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4932

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@12.0.0

purl pkg:maven/org.keycloak/keycloak-parent@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a4q-f36b-43aq

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-2ju8-s2gd-b3ee

vulnerability	VCID-48jh-8c96-3bc9

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-7662-z35s-9qeq

vulnerability	VCID-8sqn-nkzx-euec

vulnerability	VCID-azxv-y5rj-vkg9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-kfxs-f5j7-mfhu

vulnerability	VCID-ku7s-gnhp-a3du

vulnerability	VCID-qjhb-ubp5-ukdy

vulnerability	VCID-rb4v-3kux-4fas

vulnerability	VCID-rt61-271c-nkgk

vulnerability	VCID-t8wj-9vkr-hbc6

vulnerability	VCID-xbkp-kjgd-fqcx

vulnerability	VCID-yn28-fcm1-zfcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0

aliases CVE-2020-10776, GHSA-484q-784p-8m5h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa

url VCID-yn28-fcm1-zfcs

vulnerability_id VCID-yn28-fcm1-zfcs

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json

reference_url

https://access.redhat.com/security/cve/CVE-2021-3827

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2021-3827

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3827

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43291
published_at	2026-06-05T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43218
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3827

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3827

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3827

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2007512

reference_id

2007512

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2007512

reference_url

reference_id

AVG-1332

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url