Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-services@7.0.1
Typemaven
Namespaceorg.keycloak
Namekeycloak-services
Version7.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version13.0.0
Latest_non_vulnerable_version26.6.3
Affected_by_vulnerabilities
0
url VCID-13dn-ke8h-67ez
vulnerability_id VCID-13dn-ke8h-67ez
summary 
Insufficient Session Expiration
A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged-in, to see the personal information of a previously logged-out user in the account manager section.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1724
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33277
published_at 2026-06-05T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.33175
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1724
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1800527
reference_id 1800527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1800527
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1724
reference_id CVE-2020-1724
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1724
6
reference_url https://access.redhat.com/errata/RHSA-2020:2106
reference_id RHSA-2020:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2106
7
reference_url https://access.redhat.com/errata/RHSA-2020:2107
reference_id RHSA-2020:2107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2107
8
reference_url https://access.redhat.com/errata/RHSA-2020:2108
reference_id RHSA-2020:2108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2108
9
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
10
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
11
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@9.0.2
purl pkg:maven/org.keycloak/keycloak-services@9.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kg4-uvgq-5khf
1
vulnerability VCID-6gee-p7fr-1yhy
2
vulnerability VCID-9kte-cfz7-hqa3
3
vulnerability VCID-dc8s-fqv5-1uhk
4
vulnerability VCID-gr2e-ntp4-9fdg
5
vulnerability VCID-hjue-s41w-bye9
6
vulnerability VCID-hr92-2apu-abg5
7
vulnerability VCID-jm25-gtrc-zuhh
8
vulnerability VCID-wt2c-cyu2-kbgm
9
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2
aliases CVE-2020-1724, GHSA-8xj2-47xw-q78c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-13dn-ke8h-67ez
1
url VCID-2jpt-zuv4-mybb
vulnerability_id VCID-2jpt-zuv4-mybb
summary 
Improper Input Validation
A vulnerability was found in Keycloak where every Authorization URL that points to an IDP server lacks proper input validation. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1727.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1727
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.39865
published_at 2026-06-04T12:55:00Z
1
value 0.00184
scoring_system epss
scoring_elements 0.3995
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1727
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1727
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1727
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1800573
reference_id 1800573
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1800573
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1727
reference_id CVE-2020-1727
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1727
5
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
6
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
7
reference_url https://access.redhat.com/errata/RHSA-2020:5625
reference_id RHSA-2020:5625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5625
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@9.0.2
purl pkg:maven/org.keycloak/keycloak-services@9.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kg4-uvgq-5khf
1
vulnerability VCID-6gee-p7fr-1yhy
2
vulnerability VCID-9kte-cfz7-hqa3
3
vulnerability VCID-dc8s-fqv5-1uhk
4
vulnerability VCID-gr2e-ntp4-9fdg
5
vulnerability VCID-hjue-s41w-bye9
6
vulnerability VCID-hr92-2apu-abg5
7
vulnerability VCID-jm25-gtrc-zuhh
8
vulnerability VCID-wt2c-cyu2-kbgm
9
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2
aliases CVE-2020-1727
risk_score 2.9
exploitability 0.5
weighted_severity 5.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2jpt-zuv4-mybb
2
url VCID-3kg4-uvgq-5khf
vulnerability_id VCID-3kg4-uvgq-5khf
summary 
Server-Side Request Forgery (SSRF)
A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
references
0
reference_url http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10770
reference_id
reference_type
scores
0
value 0.92282
scoring_system epss
scoring_elements 0.99734
published_at 2026-06-05T12:55:00Z
1
value 0.92282
scoring_system epss
scoring_elements 0.99735
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10770
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1846270
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1846270
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2
6
reference_url https://github.com/keycloak/keycloak-documentation/pull/1086
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak-documentation/pull/1086
7
reference_url https://github.com/keycloak/keycloak/pull/7714
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/7714
8
reference_url https://issues.redhat.com/browse/KEYCLOAK-14019
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-14019
9
reference_url https://issues.redhat.com/browse/KEYCLOAK-3426
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-3426
10
reference_url https://security.archlinux.org/AVG-1577
reference_id AVG-1577
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1577
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py
reference_id CVE-2020-10770
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10770
reference_id CVE-2020-10770
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10770
13
reference_url https://github.com/advisories/GHSA-jh7q-5mwf-qvhw
reference_id GHSA-jh7q-5mwf-qvhw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh7q-5mwf-qvhw
14
reference_url https://access.redhat.com/errata/RHSA-2021:0318
reference_id RHSA-2021:0318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0318
15
reference_url https://access.redhat.com/errata/RHSA-2021:0319
reference_id RHSA-2021:0319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0319
16
reference_url https://access.redhat.com/errata/RHSA-2021:0320
reference_id RHSA-2021:0320
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0320
17
reference_url https://access.redhat.com/errata/RHSA-2021:0327
reference_id RHSA-2021:0327
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0327
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@12.0.2
purl pkg:maven/org.keycloak/keycloak-services@12.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gee-p7fr-1yhy
1
vulnerability VCID-gr2e-ntp4-9fdg
2
vulnerability VCID-hjue-s41w-bye9
3
vulnerability VCID-jm25-gtrc-zuhh
4
vulnerability VCID-wt2c-cyu2-kbgm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.2
aliases CVE-2020-10770, GHSA-jh7q-5mwf-qvhw
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kg4-uvgq-5khf
3
url VCID-97sj-h6z5-gqcj
vulnerability_id VCID-97sj-h6z5-gqcj
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1717
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.39848
published_at 2026-06-05T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.39762
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1717
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1796281
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1796281
3
reference_url https://issues.jboss.org/browse/KEYCLOAK-12014
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/KEYCLOAK-12014
4
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1717
reference_id CVE-2020-1717
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1717
6
reference_url https://github.com/advisories/GHSA-rvfc-g8j5-9ccf
reference_id GHSA-rvfc-g8j5-9ccf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rvfc-g8j5-9ccf
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@8.0.0
purl pkg:maven/org.keycloak/keycloak-services@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2jpt-zuv4-mybb
2
vulnerability VCID-3kg4-uvgq-5khf
3
vulnerability VCID-9kte-cfz7-hqa3
4
vulnerability VCID-dc8s-fqv5-1uhk
5
vulnerability VCID-gr2e-ntp4-9fdg
6
vulnerability VCID-hjue-s41w-bye9
7
vulnerability VCID-hr92-2apu-abg5
8
vulnerability VCID-jm25-gtrc-zuhh
9
vulnerability VCID-wt2c-cyu2-kbgm
10
vulnerability VCID-y9de-4w6u-abfa
11
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@8.0.0
aliases CVE-2020-1717, GHSA-rvfc-g8j5-9ccf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-97sj-h6z5-gqcj
4
url VCID-9kte-cfz7-hqa3
vulnerability_id VCID-9kte-cfz7-hqa3
summary 
Improper Certificate Validation
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1758
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.49007
published_at 2026-06-05T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48946
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1758
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758
3
reference_url https://issues.redhat.com/browse/KEYCLOAK-13285
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-13285
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1812514
reference_id 1812514
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1812514
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1758
reference_id CVE-2020-1758
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1758
6
reference_url https://github.com/advisories/GHSA-c597-f74m-jgc2
reference_id GHSA-c597-f74m-jgc2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c597-f74m-jgc2
7
reference_url https://access.redhat.com/errata/RHSA-2020:2106
reference_id RHSA-2020:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2106
8
reference_url https://access.redhat.com/errata/RHSA-2020:2107
reference_id RHSA-2020:2107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2107
9
reference_url https://access.redhat.com/errata/RHSA-2020:2108
reference_id RHSA-2020:2108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2108
10
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@10.0.0
purl pkg:maven/org.keycloak/keycloak-services@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kg4-uvgq-5khf
1
vulnerability VCID-6gee-p7fr-1yhy
2
vulnerability VCID-dc8s-fqv5-1uhk
3
vulnerability VCID-gr2e-ntp4-9fdg
4
vulnerability VCID-hjue-s41w-bye9
5
vulnerability VCID-hr92-2apu-abg5
6
vulnerability VCID-jm25-gtrc-zuhh
7
vulnerability VCID-wt2c-cyu2-kbgm
8
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@10.0.0
aliases CVE-2020-1758, GHSA-c597-f74m-jgc2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kte-cfz7-hqa3
5
url VCID-dc8s-fqv5-1uhk
vulnerability_id VCID-dc8s-fqv5-1uhk
summary 
Improper Privilege Management
It was found that Keycloak would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14389
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.3499
published_at 2026-06-04T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35086
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14389
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1875843
reference_id 1875843
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1875843
3
reference_url https://access.redhat.com/security/cve/cve-2020-14389
reference_id CVE-2020-14389
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2020-14389
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14389
reference_id CVE-2020-14389
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14389
5
reference_url https://access.redhat.com/errata/RHSA-2020:4929
reference_id RHSA-2020:4929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4929
6
reference_url https://access.redhat.com/errata/RHSA-2020:4930
reference_id RHSA-2020:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4930
7
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
8
reference_url https://access.redhat.com/errata/RHSA-2020:4932
reference_id RHSA-2020:4932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4932
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@12.0.0
purl pkg:maven/org.keycloak/keycloak-services@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-3kg4-uvgq-5khf
2
vulnerability VCID-6gee-p7fr-1yhy
3
vulnerability VCID-gr2e-ntp4-9fdg
4
vulnerability VCID-hjue-s41w-bye9
5
vulnerability VCID-jm25-gtrc-zuhh
6
vulnerability VCID-pu4g-rbu2-nbdb
7
vulnerability VCID-wt2c-cyu2-kbgm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0
aliases CVE-2020-14389, GHSA-c9x9-xv66-xp3v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc8s-fqv5-1uhk
6
url VCID-gr2e-ntp4-9fdg
vulnerability_id VCID-gr2e-ntp4-9fdg
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1725
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.29814
published_at 2026-06-05T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.29746
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1725
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1765129
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1765129
3
reference_url https://issues.redhat.com/browse/KEYCLOAK-16550
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-16550
4
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1725
reference_id CVE-2020-1725
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1725
6
reference_url https://github.com/advisories/GHSA-p225-pc2x-4jpm
reference_id GHSA-p225-pc2x-4jpm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p225-pc2x-4jpm
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@13.0.0
purl pkg:maven/org.keycloak/keycloak-services@13.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0
aliases CVE-2020-1725, GHSA-p225-pc2x-4jpm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2e-ntp4-9fdg
7
url VCID-hjue-s41w-bye9
vulnerability_id VCID-hjue-s41w-bye9
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14302
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.35824
published_at 2026-06-04T12:55:00Z
1
value 0.00154
scoring_system epss
scoring_elements 0.3592
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14302
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1849584
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1849584
3
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
4
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14302
reference_id CVE-2020-14302
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-14302
6
reference_url https://access.redhat.com/errata/RHSA-2021:0967
reference_id RHSA-2021:0967
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0967
7
reference_url https://access.redhat.com/errata/RHSA-2021:0968
reference_id RHSA-2021:0968
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0968
8
reference_url https://access.redhat.com/errata/RHSA-2021:0969
reference_id RHSA-2021:0969
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0969
9
reference_url https://access.redhat.com/errata/RHSA-2021:0974
reference_id RHSA-2021:0974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0974
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@13.0.0
purl pkg:maven/org.keycloak/keycloak-services@13.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0
aliases CVE-2020-14302
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjue-s41w-bye9
8
url VCID-hr92-2apu-abg5
vulnerability_id VCID-hr92-2apu-abg5
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14366
reference_id
reference_type
scores
0
value 0.00384
scoring_system epss
scoring_elements 0.60031
published_at 2026-06-05T12:55:00Z
1
value 0.00384
scoring_system epss
scoring_elements 0.59983
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14366
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869764
reference_id 1869764
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869764
4
reference_url https://security.archlinux.org/AVG-1471
reference_id AVG-1471
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1471
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14366
reference_id CVE-2020-14366
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14366
6
reference_url https://github.com/advisories/GHSA-cp67-8w3w-6h9c
reference_id GHSA-cp67-8w3w-6h9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cp67-8w3w-6h9c
7
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@12.0.0
purl pkg:maven/org.keycloak/keycloak-services@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-3kg4-uvgq-5khf
2
vulnerability VCID-6gee-p7fr-1yhy
3
vulnerability VCID-gr2e-ntp4-9fdg
4
vulnerability VCID-hjue-s41w-bye9
5
vulnerability VCID-jm25-gtrc-zuhh
6
vulnerability VCID-pu4g-rbu2-nbdb
7
vulnerability VCID-wt2c-cyu2-kbgm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0
aliases CVE-2020-14366, GHSA-cp67-8w3w-6h9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hr92-2apu-abg5
9
url VCID-jm25-gtrc-zuhh
vulnerability_id VCID-jm25-gtrc-zuhh
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20202
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14449
published_at 2026-06-04T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14519
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20202
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1922128
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1922128
3
reference_url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j
4
reference_url https://issues.redhat.com/browse/KEYCLOAK-17000
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-17000
5
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
6
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20202
reference_id CVE-2021-20202
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20202
8
reference_url https://github.com/advisories/GHSA-6xp6-fmc8-pmmr
reference_id GHSA-6xp6-fmc8-pmmr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xp6-fmc8-pmmr
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@13.0.0
purl pkg:maven/org.keycloak/keycloak-services@13.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0
aliases CVE-2021-20202, GHSA-6xp6-fmc8-pmmr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm25-gtrc-zuhh
10
url VCID-wt2c-cyu2-kbgm
vulnerability_id VCID-wt2c-cyu2-kbgm
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27838
reference_id
reference_type
scores
0
value 0.85144
scoring_system epss
scoring_elements 0.99373
published_at 2026-06-05T12:55:00Z
1
value 0.85144
scoring_system epss
scoring_elements 0.99371
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27838
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1906797
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1906797
3
reference_url https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c
4
reference_url https://github.com/keycloak/keycloak/pull/7790
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/7790
5
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
6
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27838
reference_id CVE-2020-27838
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27838
8
reference_url https://github.com/advisories/GHSA-pcv5-m2wh-66j3
reference_id GHSA-pcv5-m2wh-66j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pcv5-m2wh-66j3
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@13.0.0
purl pkg:maven/org.keycloak/keycloak-services@13.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0
aliases CVE-2020-27838, GHSA-pcv5-m2wh-66j3
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wt2c-cyu2-kbgm
11
url VCID-y9de-4w6u-abfa
vulnerability_id VCID-y9de-4w6u-abfa
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50801
published_at 2026-06-05T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50741
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
3
reference_url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
reference_id CVE-2020-10776
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
5
reference_url https://github.com/advisories/GHSA-484q-784p-8m5h
reference_id GHSA-484q-784p-8m5h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-484q-784p-8m5h
6
reference_url https://access.redhat.com/errata/RHSA-2020:4929
reference_id RHSA-2020:4929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4929
7
reference_url https://access.redhat.com/errata/RHSA-2020:4930
reference_id RHSA-2020:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4930
8
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
9
reference_url https://access.redhat.com/errata/RHSA-2020:4932
reference_id RHSA-2020:4932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4932
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@12.0.0
purl pkg:maven/org.keycloak/keycloak-services@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-3kg4-uvgq-5khf
2
vulnerability VCID-6gee-p7fr-1yhy
3
vulnerability VCID-gr2e-ntp4-9fdg
4
vulnerability VCID-hjue-s41w-bye9
5
vulnerability VCID-jm25-gtrc-zuhh
6
vulnerability VCID-pu4g-rbu2-nbdb
7
vulnerability VCID-wt2c-cyu2-kbgm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0
aliases CVE-2020-10776, GHSA-484q-784p-8m5h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa
12
url VCID-zkxq-ejyr-8ba8
vulnerability_id VCID-zkxq-ejyr-8ba8
summary 
Improper Handling of Exceptional Conditions
A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1744
reference_id
reference_type
scores
0
value 0.00192
scoring_system epss
scoring_elements 0.40975
published_at 2026-06-05T12:55:00Z
1
value 0.00192
scoring_system epss
scoring_elements 0.40898
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1744
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805792
reference_id 1805792
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805792
5
reference_url https://access.redhat.com/security/cve/CVE-2020-1744
reference_id CVE-2020-1744
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2020-1744
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1744
reference_id CVE-2020-1744
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1744
7
reference_url https://github.com/advisories/GHSA-4gf2-xv97-63m2
reference_id GHSA-4gf2-xv97-63m2
reference_type
scores
url https://github.com/advisories/GHSA-4gf2-xv97-63m2
8
reference_url https://access.redhat.com/errata/RHSA-2020:0945
reference_id RHSA-2020:0945
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0945
9
reference_url https://access.redhat.com/errata/RHSA-2020:0946
reference_id RHSA-2020:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0946
10
reference_url https://access.redhat.com/errata/RHSA-2020:0947
reference_id RHSA-2020:0947
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0947
11
reference_url https://access.redhat.com/errata/RHSA-2020:0951
reference_id RHSA-2020:0951
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0951
12
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
13
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@9.0.2
purl pkg:maven/org.keycloak/keycloak-services@9.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kg4-uvgq-5khf
1
vulnerability VCID-6gee-p7fr-1yhy
2
vulnerability VCID-9kte-cfz7-hqa3
3
vulnerability VCID-dc8s-fqv5-1uhk
4
vulnerability VCID-gr2e-ntp4-9fdg
5
vulnerability VCID-hjue-s41w-bye9
6
vulnerability VCID-hr92-2apu-abg5
7
vulnerability VCID-jm25-gtrc-zuhh
8
vulnerability VCID-wt2c-cyu2-kbgm
9
vulnerability VCID-y9de-4w6u-abfa
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2
aliases CVE-2020-1744, GHSA-4gf2-xv97-63m2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkxq-ejyr-8ba8
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@7.0.1