Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/rh-sso7-keycloak@4.8.20-1.Final_redhat_00001.1?arch=el7sso

Type rpm

Namespace redhat

Name rh-sso7-keycloak

Version 4.8.20-1.Final_redhat_00001.1

Qualifiers

arch	el7sso

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-13dn-ke8h-67ez

vulnerability_id

VCID-13dn-ke8h-67ez

summary

Insufficient Session Expiration
A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged-in, to see the personal information of a previously logged-out user in the account manager section.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1724

reference_id

reference_type

scores

value	0.00136
scoring_system	epss
scoring_elements	0.33175
published_at	2026-06-04T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33293
published_at	2026-06-06T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33277
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1724

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1800527
reference_id	1800527
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1800527

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1724

reference_id

CVE-2020-1724

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1724

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

fixed_packages

aliases

CVE-2020-1724, GHSA-8xj2-47xw-q78c

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-13dn-ke8h-67ez

url

VCID-2qmw-afpp-7qa8

vulnerability_id

VCID-2qmw-afpp-7qa8

summary

Improper Authentication
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1718

reference_id

reference_type

scores

value	0.00367
scoring_system	epss
scoring_elements	0.58974
published_at	2026-06-06T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58922
published_at	2026-06-04T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.5897
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1718

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1796756
reference_id	1796756
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1796756

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1718

reference_id

CVE-2020-1718

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1718

reference_url

https://github.com/advisories/GHSA-j229-2h63-rvh9

reference_id

GHSA-j229-2h63-rvh9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j229-2h63-rvh9

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

fixed_packages

aliases

CVE-2020-1718, GHSA-j229-2h63-rvh9

risk_score

4.0

exploitability

0.5

weighted_severity

7.9

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-2qmw-afpp-7qa8

url

VCID-9kte-cfz7-hqa3

vulnerability_id

VCID-9kte-cfz7-hqa3

summary

Improper Certificate Validation
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1758

reference_id

reference_type

scores

value	0.00254
scoring_system	epss
scoring_elements	0.49016
published_at	2026-06-06T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48946
published_at	2026-06-04T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.49007
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1758

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758

reference_url

https://issues.redhat.com/browse/KEYCLOAK-13285

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-13285

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1812514
reference_id	1812514
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1812514

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1758

reference_id

CVE-2020-1758

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1758

reference_url

https://github.com/advisories/GHSA-c597-f74m-jgc2

reference_id

GHSA-c597-f74m-jgc2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c597-f74m-jgc2

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

fixed_packages

aliases

CVE-2020-1758, GHSA-c597-f74m-jgc2

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-9kte-cfz7-hqa3

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@4.8.20-1.Final_redhat_00001.1%3Farch=el7sso

Package Instance