Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-ldap-federation@22.0.1
Type maven
Namespace org.keycloak
Name keycloak-ldap-federation
Version 22.0.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 26.4.6
Latest_non_vulnerable_version 26.4.6
Affected_by_vulnerabilities
0
url VCID-3vxq-nfzs-zugz
vulnerability_id VCID-3vxq-nfzs-zugz
summary
Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references.

### Original Description

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:22088
1
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:22089
2
reference_url https://access.redhat.com/errata/RHSA-2025:22090
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:22090
3
reference_url https://access.redhat.com/errata/RHSA-2025:22091
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:22091
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2416038
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2416038
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://github.com/keycloak/keycloak/commit/754c070cf8ca187dcc71f0f72ff3130ff2195328
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/754c070cf8ca187dcc71f0f72ff3130ff2195328
7
reference_url https://github.com/keycloak/keycloak/issues/44478
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/44478
8
reference_url https://github.com/keycloak/keycloak/releases/tag/26.4.6
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.4.6
9
reference_url https://access.redhat.com/security/cve/CVE-2025-13467
reference_id CVE-2025-13467
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-13467
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13467
reference_id CVE-2025-13467
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13467
11
reference_url https://github.com/advisories/GHSA-93vm-mqpw-8wh3
reference_id GHSA-93vm-mqpw-8wh3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93vm-mqpw-8wh3
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-ldap-federation@26.4.6
purl pkg:maven/org.keycloak/keycloak-ldap-federation@26.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@26.4.6
aliases GHSA-93vm-mqpw-8wh3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vxq-nfzs-zugz
1
url VCID-rrkd-31d4-9yaq
vulnerability_id VCID-rrkd-31d4-9yaq
summary
Keycloak vulnerable to LDAP Injection on UsernameForm Login
A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2232
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24445
published_at 2026-04-02T12:55:00Z
1
value 0.00083
scoring_system epss
scoring_elements 0.24479
published_at 2026-04-04T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29831
published_at 2026-04-18T12:55:00Z
3
value 0.00113
scoring_system epss
scoring_elements 0.29826
published_at 2026-04-07T12:55:00Z
4
value 0.00113
scoring_system epss
scoring_elements 0.29888
published_at 2026-04-08T12:55:00Z
5
value 0.00113
scoring_system epss
scoring_elements 0.29924
published_at 2026-04-09T12:55:00Z
6
value 0.00113
scoring_system epss
scoring_elements 0.29929
published_at 2026-04-11T12:55:00Z
7
value 0.00113
scoring_system epss
scoring_elements 0.29883
published_at 2026-04-12T12:55:00Z
8
value 0.00113
scoring_system epss
scoring_elements 0.29834
published_at 2026-04-13T12:55:00Z
9
value 0.00113
scoring_system epss
scoring_elements 0.29852
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2232
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2096994
reference_id 2096994
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2096994
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
9
reference_url https://access.redhat.com/security/cve/CVE-2022-2232
reference_id CVE-2022-2232
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/
url https://access.redhat.com/security/cve/CVE-2022-2232
10
reference_url https://github.com/advisories/GHSA-8hc5-rmgf-qx6p
reference_id GHSA-8hc5-rmgf-qx6p
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8hc5-rmgf-qx6p
11
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p
reference_id GHSA-8hc5-rmgf-qx6p
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-ldap-federation@23.0.1
purl pkg:maven/org.keycloak/keycloak-ldap-federation@23.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vxq-nfzs-zugz
1
vulnerability VCID-wg6h-c3vm-n7h9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@23.0.1
aliases CVE-2022-2232, GHSA-8hc5-rmgf-qx6p
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrkd-31d4-9yaq
2
url VCID-wg6h-c3vm-n7h9
vulnerability_id VCID-wg6h-c3vm-n7h9
summary
Duplicate Advisory: Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-2p82-5wwr-43cw. This link is maintained to preserve external references.

# Original Description

A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:2544
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:2544
1
reference_url https://access.redhat.com/errata/RHSA-2025:2545
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:2545
2
reference_url https://access.redhat.com/security/cve/CVE-2025-0604
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-0604
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2338993
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2338993
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0604
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0604
6
reference_url https://github.com/advisories/GHSA-m3hp-8546-5qmr
reference_id GHSA-m3hp-8546-5qmr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m3hp-8546-5qmr
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-ldap-federation@26.1.1
purl pkg:maven/org.keycloak/keycloak-ldap-federation@26.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vxq-nfzs-zugz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@26.1.1
aliases GHSA-m3hp-8546-5qmr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg6h-c3vm-n7h9
Fixing_vulnerabilities
Risk_score 3.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-ldap-federation@22.0.1