Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-scdf-8m3d-vqff
Vulnerability ID VCID-scdf-8m3d-vqff
Aliases CVE-2022-1245
GHSA-75p6-52g3-rqc8
GMS-2022-1039
Summary Duplicate This advisory duplicates another.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-639 Authorization Bypass Through User-Controlled Key
CWE-862 Missing Authorization
CWE-863 Incorrect Authorization
System Score Found at
cvssv3 8.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2022-1245
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-75p6-52g3-rqc8
cvssv3.1 9.8 https://github.com/keycloak/keycloak
generic_textual CRITICAL https://github.com/keycloak/keycloak
cvssv3.1 9.8 https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52
generic_textual CRITICAL https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52
cvssv3.1 9.8 https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8
cvssv3.1_qr CRITICAL https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8
generic_textual CRITICAL https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1245
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2022-1245
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json
https://api.first.org/data/v1/epss?cve=CVE-2022-1245
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52
https://nvd.nist.gov/vuln/detail/CVE-2022-1245
2071036 https://bugzilla.redhat.com/show_bug.cgi?id=2071036
GHSA-75p6-52g3-rqc8 https://github.com/advisories/GHSA-75p6-52g3-rqc8
GHSA-75p6-52g3-rqc8 https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8
RHSA-2022:1709 https://access.redhat.com/errata/RHSA-2022:1709
RHSA-2022:1711 https://access.redhat.com/errata/RHSA-2022:1711
RHSA-2022:1712 https://access.redhat.com/errata/RHSA-2022:1712
RHSA-2022:1713 https://access.redhat.com/errata/RHSA-2022:1713
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/keycloak/keycloak
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1245
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.62087
EPSS Score 0.00425
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:49:53.610723+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GMS-2022-1039.yml 38.0.0