Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-v77w-st1u-pfe6
Summary
Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure
A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.
Aliases
0
alias CVE-2026-3190
1
alias GHSA-q35r-vvhv-vx5h
Fixed_packages
0
url pkg:maven/org.keycloak/keycloak-model-jpa@26.5.6
purl pkg:maven/org.keycloak/keycloak-model-jpa@26.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-model-jpa@26.5.6
1
url pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.6
purl pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.6
2
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5d9-k9vd-fyfe
1
vulnerability VCID-mdkf-3bgs-w7dm
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-ugtk-3bjv-s3a4
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
Affected_packages
References
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3190
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/
url https://access.redhat.com/security/cve/CVE-2026-3190
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3190
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06433
published_at 2026-04-02T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08307
published_at 2026-04-21T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08278
published_at 2026-04-04T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08228
published_at 2026-04-07T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08292
published_at 2026-04-08T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.0831
published_at 2026-04-09T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08302
published_at 2026-04-11T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08281
published_at 2026-04-12T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.08265
published_at 2026-04-13T12:55:00Z
9
value 0.00029
scoring_system epss
scoring_elements 0.08157
published_at 2026-04-16T12:55:00Z
10
value 0.00029
scoring_system epss
scoring_elements 0.08144
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3190
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442572
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2442572
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694
8
reference_url https://github.com/keycloak/keycloak/issues/46723
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46723
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3190
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3190
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://github.com/advisories/GHSA-q35r-vvhv-vx5h
reference_id GHSA-q35r-vvhv-vx5h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q35r-vvhv-vx5h
Weaknesses
0
cwe_id 280
name Improper Handling of Insufficient Permissions or Privileges
description The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
Exploits
Severity_range_score4.0 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-v77w-st1u-pfe6