{"url":"http://public2.vulnerablecode.io/api/packages/202421?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@2.2.0.CR1","type":"maven","namespace":"org.keycloak","name":"keycloak-services","version":"2.2.0.CR1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"26.6.1","latest_non_vulnerable_version":"26.6.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53187?format=json","vulnerability_id":"VCID-14c3-xa9j-mbab","summary":"Incorrect implementation of lockout feature in Keycloak\nA flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3513"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42077","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42131","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42201","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42207","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42238","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42174","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4213","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42225","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42189","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42216","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42156","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7976","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://github.com/advisories/GHSA-xv7h-95r7-595j","reference_id":"GHSA-xv7h-95r7-595j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv7h-95r7-595j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/223868?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0"}],"aliases":["CVE-2021-3513","GHSA-xv7h-95r7-595j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14c3-xa9j-mbab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28750?format=json","vulnerability_id":"VCID-2dgp-xdrz-q7dv","summary":"Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15336","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15337","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15338","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15339","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15339"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-8419"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419"},{"reference_url":"https://github.com/advisories/GHSA-qj5r-2r5p-phc7","reference_id":"GHSA-qj5r-2r5p-phc7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qj5r-2r5p-phc7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63861?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3"}],"aliases":["GHSA-qj5r-2r5p-phc7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dgp-xdrz-q7dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13117?format=json","vulnerability_id":"VCID-2dgt-7k4f-fyce","summary":"Keycloak path traversal vulnerability in the redirect validation\nAn issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2419.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2419.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2419","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2419"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2419","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21106","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21186","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21248","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21257","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21216","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21163","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21154","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21165","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21143","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21017","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21021","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21297","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21352","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2419"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269371","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269371"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2419","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2419"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://github.com/advisories/GHSA-mrv8-pqfj-7gp5","reference_id":"GHSA-mrv8-pqfj-7gp5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mrv8-pqfj-7gp5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45730?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/45732?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2024-2419","GHSA-mrv8-pqfj-7gp5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dgt-7k4f-fyce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16972?format=json","vulnerability_id":"VCID-2xyb-g3n4-n3ca","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1274","reference_id":"","reference_type":"","scores":[{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74771","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.7475","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75004","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75046","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75036","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76766","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76794","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76801","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76762","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76813","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76771","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1274"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073157","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073157"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9"},{"reference_url":"https://github.com/keycloak/keycloak/pull/16764","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/16764"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2021-0033","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://herolab.usd.de/security-advisories/usd-2021-0033"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2021-0033/","reference_id":"","reference_type":"","scores":[],"url":"https://herolab.usd.de/security-advisories/usd-2021-0033/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1274","reference_id":"CVE-2022-1274","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1274"},{"reference_url":"https://github.com/advisories/GHSA-m4fv-gm5m-4725","reference_id":"GHSA-m4fv-gm5m-4725","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4fv-gm5m-4725"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725","reference_id":"GHSA-m4fv-gm5m-4725","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56664?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@20.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@20.0.5"}],"aliases":["CVE-2022-1274","GHSA-m4fv-gm5m-4725","GMS-2023-528"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xyb-g3n4-n3ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12561?format=json","vulnerability_id":"VCID-3248-31p8-tyd4","summary":"Incorrect Authorization\nA flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29792","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30186","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30145","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30095","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3011","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30044","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29859","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30193","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30223","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3009","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3015","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-16550","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-16550"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725","reference_id":"CVE-2020-1725","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725"},{"reference_url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm","reference_id":"GHSA-p225-pc2x-4jpm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/223868?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0"}],"aliases":["CVE-2020-1725","GHSA-p225-pc2x-4jpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3248-31p8-tyd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13509?format=json","vulnerability_id":"VCID-3bcu-tbpy-gfg6","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20323","reference_id":"","reference_type":"","scores":[{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98527","published_at":"2026-04-26T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98513","published_at":"2026-04-12T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98519","published_at":"2026-04-16T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.9852","published_at":"2026-04-18T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98522","published_at":"2026-04-21T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98526","published_at":"2026-04-29T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98502","published_at":"2026-04-01T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98506","published_at":"2026-04-07T12:55:00Z"},{"value":"0.66054","scoring_system":"epss","scoring_elements":"0.98509","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20323"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2013577","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2013577"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20323","reference_id":"CVE-2021-20323","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20323"},{"reference_url":"https://github.com/advisories/GHSA-xpgc-j48j-jwv9","reference_id":"GHSA-xpgc-j48j-jwv9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpgc-j48j-jwv9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0407","reference_id":"RHSA-2022:0407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/291146?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@17.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@17.0.0"}],"aliases":["CVE-2021-20323","GHSA-xpgc-j48j-jwv9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3bcu-tbpy-gfg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13159?format=json","vulnerability_id":"VCID-3sh8-6vsc-1uae","summary":"Keycloak vulnerable to impersonation via logout token exchange\nKeycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0657.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0657.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-0657","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-0657"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0657","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12224","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12024","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12178","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1675","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17006","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17065","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1704","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16934","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16871","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16873","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1691","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16813","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16793","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0657"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2166728","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2166728"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0657","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0657"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-7fpj-9hr8-28vh","reference_id":"GHSA-7fpj-9hr8-28vh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7fpj-9hr8-28vh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45730?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/45732?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-0657","GHSA-7fpj-9hr8-28vh"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sh8-6vsc-1uae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18988?format=json","vulnerability_id":"VCID-41hy-n7tz-3bee","summary":"Keycloak's admin API allows low privilege users to use administrative functions\nUsers with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.\n\n**Acknowledgements:**\nSpecial thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3572","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3575","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3575"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3656.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3656.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-3656","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-3656"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3656","reference_id":"","reference_type":"","scores":[{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.99566","published_at":"2026-04-26T12:55:00Z"},{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.99563","published_at":"2026-04-09T12:55:00Z"},{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.99562","published_at":"2026-04-13T12:55:00Z"},{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.99561","published_at":"2026-04-07T12:55:00Z"},{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.99564","published_at":"2026-04-18T12:55:00Z"},{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.9956","published_at":"2026-04-04T12:55:00Z"},{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.99559","published_at":"2026-04-02T12:55:00Z"},{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.99568","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3656"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274403","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274403"},{"reference_url":"https://github.com/advisories/GHSA-2cww-fgmg-4jqc","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://github.com/advisories/GHSA-2cww-fgmg-4jqc"},{"reference_url":"https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc"},{"reference_url":"https://news.ycombinator.com/item?id=42136000","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://news.ycombinator.com/item?id=42136000"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3656","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3656"},{"reference_url":"https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59735?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5"}],"aliases":["CVE-2024-3656","GHSA-2cww-fgmg-4jqc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41hy-n7tz-3bee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13958?format=json","vulnerability_id":"VCID-44rr-5gtu-bfev","summary":"Keycloak is vulnerable to IDN homograph attack\nA flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. The highest threat from this vulnerability is to integrity.","references":[{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/ac79fd0c23c6947a04073afc61e30d341498438e","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/ac79fd0c23c6947a04073afc61e30d341498438e"},{"reference_url":"https://github.com/advisories/GHSA-mwm4-5qwr-g9pf","reference_id":"GHSA-mwm4-5qwr-g9pf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwm4-5qwr-g9pf"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf","reference_id":"GHSA-mwm4-5qwr-g9pf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50013?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0"}],"aliases":["GHSA-mwm4-5qwr-g9pf","GMS-2022-1099"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44rr-5gtu-bfev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81250?format=json","vulnerability_id":"VCID-4p6v-j4up-2ye2","summary":"keycloak: missing input validation in IDP authorization URLs","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1727.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1727.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1727","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40003","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.4015","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40176","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40098","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40163","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40173","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40116","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40166","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40137","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40057","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39886","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3987","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39789","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1727"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1727","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1727"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800573","reference_id":"1800573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800573"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1727","reference_id":"CVE-2020-1727","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5625","reference_id":"RHSA-2020:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5625"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/202473?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2"}],"aliases":["CVE-2020-1727"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4p6v-j4up-2ye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29765?format=json","vulnerability_id":"VCID-5f8r-n4mm-y3g6","summary":"Keycloak phishing attack via email verification step in first login flow\nThere is a flaw with the first login flow where, during a IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to \"review profile\" information, which allows the the attacker to modify their email address to that of a victim's account. This triggers a verification email sent to the victim's email address. If the victim clicks the verification link, the attacker can gain access to the victim's account. While not a zero-interaction attack, the attacker's email address is not directly present in the verification email content, making it a potential phishing opportunity. \n\nThis issue has been fixed in versions 26.0.13, 26.2.6, and 26.3.0.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11986","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11987","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7365","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-7365"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7365","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02498","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02484","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03312","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03357","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03362","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03341","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03291","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03267","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03399","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03386","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04079","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04113","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7365"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/40446","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/40446"},{"reference_url":"https://github.com/keycloak/keycloak/pull/40520","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/40520"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.0.13","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.0.13"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.2.6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.2.6"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://github.com/advisories/GHSA-xhpr-465j-7p9q","reference_id":"GHSA-xhpr-465j-7p9q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhpr-465j-7p9q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70508?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/756332?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-edwz-rqc3-fqa2"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/70509?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/63858?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-8vzz-naas-a7ab"},{"vulnerability":"VCID-epcy-krft-z7d4"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-jsvn-26y8-q3ey"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-tc9b-zzjt-63c7"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2025-7365","GHSA-xhpr-465j-7p9q"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5f8r-n4mm-y3g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20361?format=json","vulnerability_id":"VCID-5vwq-aqk5-nkh9","summary":"Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods\nA flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1190","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1190"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1190","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03614","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04597","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04608","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04592","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04564","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04557","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0454","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04549","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0458","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04543","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05222","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0518","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05221","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430835","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430835"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45646","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45646"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1190","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1190"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-63v5-26vq-m4vm","reference_id":"GHSA-63v5-26vq-m4vm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-63v5-26vq-m4vm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62643?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3"}],"aliases":["CVE-2026-1190","GHSA-63v5-26vq-m4vm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vwq-aqk5-nkh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21994?format=json","vulnerability_id":"VCID-5zh4-963a-q3gp","summary":"Keycloak vulnerable to session takeovers due to reuse of session identifiers\nA flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21370","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21371","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22088","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22089"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12390","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0135","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01345","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03206","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03106","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03131","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03093","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03033","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03043","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03162","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03165","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03158","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12390"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406793","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406793"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a"},{"reference_url":"https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d"},{"reference_url":"https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80"},{"reference_url":"https://github.com/keycloak/keycloak/discussions/31265","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/discussions/31265"},{"reference_url":"https://github.com/keycloak/keycloak/issues/32197","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/32197"},{"reference_url":"https://github.com/keycloak/keycloak/issues/43853","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://github.com/keycloak/keycloak/issues/43853"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-12390","reference_id":"CVE-2025-12390","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12390"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12390","reference_id":"CVE-2025-12390","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12390"},{"reference_url":"https://github.com/advisories/GHSA-rg35-5v25-mqvp","reference_id":"GHSA-rg35-5v25-mqvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg35-5v25-mqvp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64592?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0"}],"aliases":["CVE-2025-12390","GHSA-rg35-5v25-mqvp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zh4-963a-q3gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13396?format=json","vulnerability_id":"VCID-6hy1-r23s-cbhy","summary":"Duplicate Advisory: Keycloak Open Redirect vulnerability\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-w8gr-xwp4-r9f7. This link is maintained to preserve external references.\n\n# Original Description\nA misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10385","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10386","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6878","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6879","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6880","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6882","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6886","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6887","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6888","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6889","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6890","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8823","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:8823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8824","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:8824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8826","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:8826"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-8883","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-8883"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312511","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312511"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883"},{"reference_url":"https://github.com/advisories/GHSA-vvf8-2h68-9475","reference_id":"GHSA-vvf8-2h68-9475","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvf8-2h68-9475"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42661?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6"}],"aliases":["GHSA-vvf8-2h68-9475"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hy1-r23s-cbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54334?format=json","vulnerability_id":"VCID-6s4w-hv7a-ffaw","summary":"Keycloak vulnerable to Server-Side Request Forgery\nA flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.","references":[{"reference_url":"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10770","reference_id":"","reference_type":"","scores":[{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99725","published_at":"2026-04-26T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99724","published_at":"2026-04-24T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99723","published_at":"2026-04-21T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.9972","published_at":"2026-04-18T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99719","published_at":"2026-04-13T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99726","published_at":"2026-04-29T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99717","published_at":"2026-04-02T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99718","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10770"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1846270","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1846270"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2"},{"reference_url":"https://github.com/keycloak/keycloak-documentation/pull/1086","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak-documentation/pull/1086"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7714","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7714"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-14019","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-14019"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-3426","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-3426"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10770","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10770"},{"reference_url":"https://security.archlinux.org/AVG-1577","reference_id":"AVG-1577","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1577"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py","reference_id":"CVE-2020-10770","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py"},{"reference_url":"https://github.com/advisories/GHSA-jh7q-5mwf-qvhw","reference_id":"GHSA-jh7q-5mwf-qvhw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh7q-5mwf-qvhw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0318","reference_id":"RHSA-2021:0318","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0318"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0319","reference_id":"RHSA-2021:0319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0320","reference_id":"RHSA-2021:0320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0327","reference_id":"RHSA-2021:0327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0327"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/223841?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@12.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.2"}],"aliases":["CVE-2020-10770","GHSA-jh7q-5mwf-qvhw"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6s4w-hv7a-ffaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24604?format=json","vulnerability_id":"VCID-7c1j-kcbb-v3f1","summary":"Keycloak: Information disclosure of disabled user attributes via administrative endpoint\nA flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3911","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3911"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3911","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01408","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01407","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01414","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01254","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01413","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01402","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01775","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01846","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01842","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01773","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01888","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01857","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01788","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01786","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3911"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446392","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446392"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46922","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46922"},{"reference_url":"https://github.com/keycloak/keycloak/pull/46923","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/46923"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3911","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3911"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-xh32-c9wx-phrp","reference_id":"GHSA-xh32-c9wx-phrp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh32-c9wx-phrp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68053?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a5d9-k9vd-fyfe"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3911","GHSA-xh32-c9wx-phrp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7c1j-kcbb-v3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18262?format=json","vulnerability_id":"VCID-83en-fek9-4qd7","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nKeycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4361.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4361.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4361","reference_id":"","reference_type":"","scores":[{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.79759","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.79745","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.79738","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.79708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.79699","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.79671","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.79678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.79676","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.79683","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01293","scoring_system":"epss","scoring_elements":"0.79705","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01624","scoring_system":"epss","scoring_elements":"0.81812","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01624","scoring_system":"epss","scoring_elements":"0.81792","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01624","scoring_system":"epss","scoring_elements":"0.81814","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4361"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151618","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:43:33Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151618"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:43:33Z/"}],"url":"https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-3p62-6fjh-3p5h","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-3p62-6fjh-3p5h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4361","reference_id":"CVE-2022-4361","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4361"},{"reference_url":"https://github.com/advisories/GHSA-3p62-6fjh-3p5h","reference_id":"GHSA-3p62-6fjh-3p5h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p62-6fjh-3p5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58504?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@21.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2"}],"aliases":["CVE-2022-4361","GHSA-3p62-6fjh-3p5h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83en-fek9-4qd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12955?format=json","vulnerability_id":"VCID-91gs-k267-3kbq","summary":"Keycloak vulnerable to session hijacking via re-authentication\nA flaw was found in Keycloak. An active keycloak session can be hijacked by initiating a new authentication (having the query parameter prompt=login) and forcing the user to enter his credentials once again. If the user cancels this re-authentication by clicking Restart login, the account takeover could take place as the new session, with a different SUB, will have the same SID as the previous session.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6787.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6787.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6787","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6787"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6787","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.59694","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.59664","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.59715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.5967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62156","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62175","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62164","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62143","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62187","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62192","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62177","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62188","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62204","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6787"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254375","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254375"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6787","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6787"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-c9h6-v78w-52wj","reference_id":"GHSA-c9h6-v78w-52wj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c9h6-v78w-52wj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45730?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/45732?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-6787","GHSA-c9h6-v78w-52wj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91gs-k267-3kbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13962?format=json","vulnerability_id":"VCID-98yf-g4d3-u3g8","summary":"Keycloak is vulnerable to IDN homograph attack\nA flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3424","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36908","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37301","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37273","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3732","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37303","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37248","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37024","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36993","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37242","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37408","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37432","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37312","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37324","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3424"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933320","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933320"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3424","reference_id":"CVE-2021-3424","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3424"},{"reference_url":"https://github.com/advisories/GHSA-pf38-cw3p-22q9","reference_id":"GHSA-pf38-cw3p-22q9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf38-cw3p-22q9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2063","reference_id":"RHSA-2021:2063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2064","reference_id":"RHSA-2021:2064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2065","reference_id":"RHSA-2021:2065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2070","reference_id":"RHSA-2021:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2070"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50013?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0"}],"aliases":["CVE-2021-3424","GHSA-pf38-cw3p-22q9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98yf-g4d3-u3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13001?format=json","vulnerability_id":"VCID-9wzh-7ych-y7c6","summary":"Keycloak vulnerable to log Injection during WebAuthn authentication or registration\nA flaw was found in keycloak 22.0.5. Errors in browser client during setup/auth with \"Security Key login\" (WebAuthn) are written into the form, send to Keycloak and logged without escaping allowing log injection.\n\nAcknowledgements:\nSpecial thanks toTheresa Henze for reporting this issue and helping us improve our security.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0798","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0799","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0800","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0801","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0804","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0804"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1860","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1865","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6484.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6484.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6484","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6484"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6484","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56544","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56543","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56564","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56595","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63239","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63238","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63218","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63252","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63251","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63231","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63247","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63195","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248423","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248423"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a"},{"reference_url":"https://github.com/keycloak/keycloak/issues/25078","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/25078"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6484","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6484"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://github.com/advisories/GHSA-j628-q885-8gr5","reference_id":"GHSA-j628-q885-8gr5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j628-q885-8gr5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46416?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/46417?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.5"}],"aliases":["CVE-2023-6484","GHSA-j628-q885-8gr5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wzh-7ych-y7c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12864?format=json","vulnerability_id":"VCID-ajcu-s4zn-63cn","summary":"Keycloak secondary factor bypass in step-up authentication\nKeycloak does not correctly validate its client step-up authentication. A password-authed attacker could use this flaw to register a false second auth factor, alongside the existing one, to a targeted account. The second factor then permits step-up authentication.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3597.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3597.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-3597","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-3597"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3597","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2563","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25871","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25881","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2584","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25784","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25786","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25769","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25742","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25686","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25678","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28531","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28573","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28375","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28441","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3597"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221760","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221760"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3597","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3597"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://github.com/advisories/GHSA-4f53-xh3v-g8x4","reference_id":"GHSA-4f53-xh3v-g8x4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f53-xh3v-g8x4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45730?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/45732?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-3597","GHSA-4f53-xh3v-g8x4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajcu-s4zn-63cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25425?format=json","vulnerability_id":"VCID-bhrr-nn9f-7udu","summary":"Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3910","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-3910"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910"},{"reference_url":"https://github.com/advisories/GHSA-fx44-2wx5-5fvp","reference_id":"GHSA-fx44-2wx5-5fvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fx44-2wx5-5fvp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68509?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-9f1k-z7z2-d7cc"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["GHSA-fx44-2wx5-5fvp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhrr-nn9f-7udu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29220?format=json","vulnerability_id":"VCID-by72-dvnw-m3gu","summary":"Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache\nA flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-2559","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-2559"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2559","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29166","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29612","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29567","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29533","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29505","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.2946","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29233","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29637","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29687","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29508","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.2961","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2559"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353868","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353868"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2559","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2559"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-2935-2wfm-hhpv","reference_id":"GHSA-2935-2wfm-hhpv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2935-2wfm-hhpv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/756334?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.5"}],"aliases":["CVE-2025-2559","GHSA-2935-2wfm-hhpv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-by72-dvnw-m3gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25290?format=json","vulnerability_id":"VCID-cdsa-wmby-ebbq","summary":"Duplicate Advisory: Keycloak hostname verification\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8672","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:8672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8690","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:8690"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3501","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-3501"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358834","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358834"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501"},{"reference_url":"https://github.com/advisories/GHSA-r934-w73g-v4p8","reference_id":"GHSA-r934-w73g-v4p8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r934-w73g-v4p8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68509?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-9f1k-z7z2-d7cc"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["GHSA-r934-w73g-v4p8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdsa-wmby-ebbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18254?format=json","vulnerability_id":"VCID-cgf7-vbkd-cua6","summary":"Keycloak's improper input validation allows using email as username\nKeycloak allows the use of email as a username and doesn't check that an account with this email already exists. That could lead to the unability to reset/login with email for the user. This is caused by usernames being evaluated before emails.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3754.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3754.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3754","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3754"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3754","reference_id":"","reference_type":"","scores":[{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.93897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.93891","published_at":"2026-04-16T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.93869","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.9387","published_at":"2026-04-12T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.93853","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.939","published_at":"2026-04-24T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.93898","published_at":"2026-04-26T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.93832","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.93841","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.9385","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.93861","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.93865","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3754"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999196","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999196"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4vc8-pg5c-vg4x","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4vc8-pg5c-vg4x"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3754","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3754"},{"reference_url":"https://github.com/advisories/GHSA-4vc8-pg5c-vg4x","reference_id":"GHSA-4vc8-pg5c-vg4x","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vc8-pg5c-vg4x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58689?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.1"}],"aliases":["CVE-2021-3754","GHSA-4vc8-pg5c-vg4x"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cgf7-vbkd-cua6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25494?format=json","vulnerability_id":"VCID-d2rd-6u56-yfd8","summary":"Keycloak vulnerable to two factor authentication bypass\n# Description\nA flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3910","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-3910"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3910","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21959","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22292","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22336","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22204","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22258","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22175","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22169","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22124","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21985","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21972","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3910"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/39349","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://github.com/keycloak/keycloak/issues/39349"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://github.com/advisories/GHSA-5jfq-x6xp-7rw2","reference_id":"GHSA-5jfq-x6xp-7rw2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5jfq-x6xp-7rw2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68509?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-9f1k-z7z2-d7cc"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["CVE-2025-3910","GHSA-5jfq-x6xp-7rw2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d2rd-6u56-yfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11895?format=json","vulnerability_id":"VCID-d6ku-ys87-cqh4","summary":"Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect\nA misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10385","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10386","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6878","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6879","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6880","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6882","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6886","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6887","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6888","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6889","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6890","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8823","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8824","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8826","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8826"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-8883","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-8883"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8883","reference_id":"","reference_type":"","scores":[{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89836","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89801","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89815","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89819","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89843","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89849","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89847","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.8984","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89854","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89855","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89848","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05107","scoring_system":"epss","scoring_elements":"0.89863","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06592","scoring_system":"epss","scoring_elements":"0.91203","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8883"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312511","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312511"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://github.com/advisories/GHSA-w8gr-xwp4-r9f7","reference_id":"GHSA-w8gr-xwp4-r9f7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8gr-xwp4-r9f7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42603?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/42635?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/42661?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6"}],"aliases":["CVE-2024-8883","GHSA-w8gr-xwp4-r9f7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6ku-ys87-cqh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80754?format=json","vulnerability_id":"VCID-djwn-hkwg-g3gk","summary":"keycloak: reusable \"state\" parameter at redirect_uri endpoint enables possibility of replay attacks","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14302","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36059","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36254","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36287","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36123","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36172","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3619","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36196","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36159","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36133","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36175","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3616","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36108","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35878","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35846","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35759","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14302"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849584","reference_id":"1849584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849584"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14302","reference_id":"CVE-2020-14302","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0967","reference_id":"RHSA-2021:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0968","reference_id":"RHSA-2021:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0969","reference_id":"RHSA-2021:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0974","reference_id":"RHSA-2021:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0974"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/223868?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0"}],"aliases":["CVE-2020-14302"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djwn-hkwg-g3gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19109?format=json","vulnerability_id":"VCID-dxj3-8sk5-mfdy","summary":"Insufficient Session Expiration\nA flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8961","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8962","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8963","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8964","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8964"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8965","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45418","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45438","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45437","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45458","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45428","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45344","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45354","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-3916"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916"},{"reference_url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60147?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@20.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@20.0.2"}],"aliases":["CVE-2022-3916","GHSA-97g8-xfvw-q4hg","GMS-2022-8406"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxj3-8sk5-mfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25446?format=json","vulnerability_id":"VCID-e4ub-v4ef-affb","summary":"Keycloak hostname verification\nA flaw was found in Keycloak. By setting a verification policy to 'ANY', the trust store certificate verification is skipped, which is unintended.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3501","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-3501"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3501","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25731","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26058","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26099","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25867","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25936","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25988","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25998","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25954","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25895","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25898","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25879","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25849","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25785","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25778","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3501"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358834","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358834"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272"},{"reference_url":"https://github.com/keycloak/keycloak/issues/39350","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://github.com/keycloak/keycloak/issues/39350"},{"reference_url":"https://github.com/keycloak/keycloak/pull/39366","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://github.com/keycloak/keycloak/pull/39366"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-hw58-3793-42gg","reference_id":"GHSA-hw58-3793-42gg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hw58-3793-42gg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68509?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-9f1k-z7z2-d7cc"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["CVE-2025-3501","GHSA-hw58-3793-42gg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ub-v4ef-affb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53344?format=json","vulnerability_id":"VCID-e9qa-sy57-fqby","summary":"Temporary Directory Hijacking Vulnerability in Keycloak\nA flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20202","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13894","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14134","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14078","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14036","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13984","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13879","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13871","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1395","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13986","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13961","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14047","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14128","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14184","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13999","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20202"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922128","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922128"},{"reference_url":"https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-17000","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-17000"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20202","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20202"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://github.com/advisories/GHSA-6xp6-fmc8-pmmr","reference_id":"GHSA-6xp6-fmc8-pmmr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xp6-fmc8-pmmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/223868?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0"}],"aliases":["CVE-2021-20202","GHSA-6xp6-fmc8-pmmr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9qa-sy57-fqby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53130?format=json","vulnerability_id":"VCID-em5z-nvqy-fucp","summary":"Keycloak has Files or Directories Accessible to External Parties\nClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3856","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3856"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3856","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58421","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58481","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58476","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58445","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.5846","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58419","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58434","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58433","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58407","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58464","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58484","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58466","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58329","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58413","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3856"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010164","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010164"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8588","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8588"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-19422","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-19422"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3856","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3856"},{"reference_url":"https://github.com/advisories/GHSA-3w4v-rvc4-2xpw","reference_id":"GHSA-3w4v-rvc4-2xpw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3w4v-rvc4-2xpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/278524?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@15.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.0"}],"aliases":["CVE-2021-3856","GHSA-3w4v-rvc4-2xpw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-em5z-nvqy-fucp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20294?format=json","vulnerability_id":"VCID-engr-q4ge-53dc","summary":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nA flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6134","reference_id":"","reference_type":"","scores":[{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85315","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85224","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85313","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85306","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85284","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85283","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85263","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85266","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85254","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85203","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6134"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249673","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249673"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6134","reference_id":"CVE-2023-6134","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2023-6134"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6134","reference_id":"CVE-2023-6134","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6134"},{"reference_url":"https://github.com/advisories/GHSA-cvg2-7c3j-g36j","reference_id":"GHSA-cvg2-7c3j-g36j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cvg2-7c3j-g36j"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j","reference_id":"GHSA-cvg2-7c3j-g36j","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61796?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"},{"vulnerability":"VCID-zp22-a33x-bqfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/71580?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3"}],"aliases":["CVE-2023-6134","GHSA-cvg2-7c3j-g36j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-engr-q4ge-53dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11775?format=json","vulnerability_id":"VCID-ezqk-pyhr-5ffj","summary":"Keycloak has session fixation in Elytron SAML adapters\nA session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6493","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6494","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6495","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6497","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6499","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6500","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6501","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6502","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6503","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6503"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-7341","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-7341"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7341","reference_id":"","reference_type":"","scores":[{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82525","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.8243","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82448","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82444","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82471","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82478","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82496","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82492","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82487","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82524","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84634","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84596","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84623","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84632","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7341"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302064","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302064"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7341","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7341"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://github.com/advisories/GHSA-5rxp-2rhr-qwqv","reference_id":"GHSA-5rxp-2rhr-qwqv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5rxp-2rhr-qwqv"},{"reference_url":"https://github.com/advisories/GHSA-j76j-rqwj-jmvv","reference_id":"GHSA-j76j-rqwj-jmvv","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://github.com/advisories/GHSA-j76j-rqwj-jmvv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42265?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d6ku-ys87-cqh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/42268?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d6ku-ys87-cqh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/42271?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.5"}],"aliases":["CVE-2024-7341","GHSA-5rxp-2rhr-qwqv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezqk-pyhr-5ffj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11253?format=json","vulnerability_id":"VCID-gjy5-c6by-2ufg","summary":"Improper Handling of Exceptional Conditions\nA flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1744","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40932","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40848","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40946","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41043","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56186","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56166","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56217","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56222","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56233","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56209","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56192","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56225","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56227","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56056","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56165","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1744"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805792","reference_id":"1805792","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805792"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2020-1744","reference_id":"CVE-2020-1744","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2020-1744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1744","reference_id":"CVE-2020-1744","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1744"},{"reference_url":"https://github.com/advisories/GHSA-4gf2-xv97-63m2","reference_id":"GHSA-4gf2-xv97-63m2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4gf2-xv97-63m2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0945","reference_id":"RHSA-2020:0945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0946","reference_id":"RHSA-2020:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0947","reference_id":"RHSA-2020:0947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0951","reference_id":"RHSA-2020:0951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/202473?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2"}],"aliases":["CVE-2020-1744","GHSA-4gf2-xv97-63m2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gjy5-c6by-2ufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53144?format=json","vulnerability_id":"VCID-gndk-728r-9yh7","summary":"Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow\nA flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3632"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66156","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66012","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66083","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66049","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66098","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6611","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66117","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66087","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66123","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66137","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66145","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66157","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8203","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8203"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-18500","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-18500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr","reference_id":"GHSA-qpq9-jpv4-6gwr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/278524?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@15.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.0"}],"aliases":["CVE-2021-3632","GHSA-qpq9-jpv4-6gwr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gndk-728r-9yh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21430?format=json","vulnerability_id":"VCID-gnxr-2t9g-4ye4","summary":"Keycloak SMTP Inject Vulnerability\nSpecial characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15336","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15337","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15338","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15339","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15339"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8419","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05478","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05458","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05423","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05384","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05415","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0595","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06059","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05908","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05897","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05932","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05941","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06872","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06878","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06899","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8419"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0","reference_id":"cpe:/a:redhat:build_keycloak:26.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2","reference_id":"cpe:/a:redhat:build_keycloak:26.2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-8419"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419"},{"reference_url":"https://github.com/advisories/GHSA-m4j5-5x4r-2xp9","reference_id":"GHSA-m4j5-5x4r-2xp9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4j5-5x4r-2xp9"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9","reference_id":"GHSA-m4j5-5x4r-2xp9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63859?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/63861?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3"}],"aliases":["CVE-2025-8419","GHSA-m4j5-5x4r-2xp9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnxr-2t9g-4ye4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24709?format=json","vulnerability_id":"VCID-gzz6-md9v-b3em","summary":"Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator\nA security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3009","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3009"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3009","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07718","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07686","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0906","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09009","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0912","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09121","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0909","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09076","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.08971","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0895","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09103","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09145","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3009"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441867","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441867"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46911","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46911"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.5.5","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.5.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3009","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3009"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-m297-3jv9-m927","reference_id":"GHSA-m297-3jv9-m927","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m297-3jv9-m927"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67983?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-c1zj-whnw-1qf6"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-tc9b-zzjt-63c7"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5"}],"aliases":["CVE-2026-3009","GHSA-m297-3jv9-m927"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzz6-md9v-b3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18876?format=json","vulnerability_id":"VCID-htax-rbrs-mbdu","summary":"Keycloak Denial of Service via account lockout\nIn any realm set with \"User (Self) registration\" a user that is registered with a username in email format can be \"locked out\" (denied from logging in) using his username.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1722.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1722.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1722","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:52:47Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1722"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1722","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41928","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41989","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41837","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41922","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61087","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61185","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61179","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61171","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61151","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61135","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61093","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61121","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61139","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61158","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1722"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265389","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:52:47Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265389"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e"},{"reference_url":"https://github.com/keycloak/keycloak/issues/29603","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/29603"},{"reference_url":"https://github.com/keycloak/keycloak/issues/29603#issuecomment-2127499627","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/29603#issuecomment-2127499627"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cq42-vhv7-xr7p","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cq42-vhv7-xr7p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1722","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1722"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-cq42-vhv7-xr7p","reference_id":"GHSA-cq42-vhv7-xr7p","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cq42-vhv7-xr7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59716?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.0"}],"aliases":["CVE-2024-1722","GHSA-cq42-vhv7-xr7p"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-htax-rbrs-mbdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18896?format=json","vulnerability_id":"VCID-j4ar-u2rr-qkfu","summary":"Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)\nA flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an information disclosure vulnerability.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3566","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3567","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3568","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3570","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3570"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3572","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3573","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3574","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3575","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3576","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3576"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4540.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4540.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4540","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-4540"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4540","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50856","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50879","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50837","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50839","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50782","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50824","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50841","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50885","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53996","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54047","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54014","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54025","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4540"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279303","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279303"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://github.com/advisories/GHSA-69fp-7c8p-crjr","reference_id":"GHSA-69fp-7c8p-crjr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69fp-7c8p-crjr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59735?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5"}],"aliases":["CVE-2024-4540","GHSA-69fp-7c8p-crjr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4ar-u2rr-qkfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18144?format=json","vulnerability_id":"VCID-jh5h-pp29-1kbr","summary":"Client Spoofing within the Keycloak Device Authorisation Grant\nUnder certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a device_code to retrieve an access token for other OAuth clients.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3883","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:3883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3884","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:3884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3885","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:3885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3888","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:3888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3892","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:3892"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-2585","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2023-2585"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2585","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29734","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29918","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2944","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29502","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29616","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29696","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2974","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29762","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29744","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29795","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29841","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29831","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29796","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29872","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2585"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196335","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196335"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2585","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2585"},{"reference_url":"https://github.com/advisories/GHSA-f5h4-wmp5-xhg6","reference_id":"GHSA-f5h4-wmp5-xhg6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f5h4-wmp5-xhg6"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6","reference_id":"GHSA-f5h4-wmp5-xhg6","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58504?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@21.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2"}],"aliases":["CVE-2023-2585","GHSA-f5h4-wmp5-xhg6"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jh5h-pp29-1kbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12793?format=json","vulnerability_id":"VCID-ju1d-vwgb-bqbn","summary":"Keycloak Authorization Bypass vulnerability\nDue to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client, a malicious user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration previously unauthorized.\n\n#### Acknowledgements:\nSpecial thanks to Bastian Kanbach for reporting this issue and helping us improve our security.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1860","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6544.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6544.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6544","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6544"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6544","reference_id":"","reference_type":"","scores":[{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.76983","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.77002","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.76973","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.77015","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.79873","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.79791","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.79813","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.79797","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.79789","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.79817","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.79818","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.79821","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.7985","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.79857","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6544"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253116","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253116"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6544","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6544"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://github.com/advisories/GHSA-46c8-635v-68r2","reference_id":"GHSA-46c8-635v-68r2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46c8-635v-68r2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45730?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/45732?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-6544","GHSA-46c8-635v-68r2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ju1d-vwgb-bqbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55369?format=json","vulnerability_id":"VCID-kzc8-pgz7-6bep","summary":"Keycloak Insufficient Session Expiry\nA flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1724","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33067","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33365","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33342","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33353","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33319","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33164","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33147","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33314","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33451","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33482","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33323","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33369","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33403","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33406","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1724"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1724","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1724"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800527","reference_id":"1800527","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800527"},{"reference_url":"https://github.com/advisories/GHSA-8xj2-47xw-q78c","reference_id":"GHSA-8xj2-47xw-q78c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xj2-47xw-q78c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/202473?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2"}],"aliases":["CVE-2020-1724","GHSA-8xj2-47xw-q78c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzc8-pgz7-6bep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20891?format=json","vulnerability_id":"VCID-m3uj-4mag-kbf2","summary":"Keycloak: Missing Check on Disabled Client for Docker Registry Protocol\nA flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2733","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2733"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2733","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09472","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12873","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12924","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12727","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12807","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12823","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12787","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12643","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12651","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12763","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12781","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12743","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2733"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440895","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440895"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46462","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46462"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2733","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2733"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-fjf4-6f34-w64q","reference_id":"GHSA-fjf4-6f34-w64q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fjf4-6f34-w64q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66186?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4"}],"aliases":["CVE-2026-2733","GHSA-fjf4-6f34-w64q"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3uj-4mag-kbf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24638?format=json","vulnerability_id":"VCID-mdkf-3bgs-w7dm","summary":"Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation\nA flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4874","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4874"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4874","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0647","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06461","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06526","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06535","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06468","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06456","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06507","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06542","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06548","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06645","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0663","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06619","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07783","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4874"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451611","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451611"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4874","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4874"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-22rm-wp4x-v5cx","reference_id":"GHSA-22rm-wp4x-v5cx","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22rm-wp4x-v5cx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076862?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1"}],"aliases":["CVE-2026-4874","GHSA-22rm-wp4x-v5cx"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdkf-3bgs-w7dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29770?format=json","vulnerability_id":"VCID-mku9-3bpp-aqbk","summary":"Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7784","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-7784"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381861","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381861"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/41137","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/41137"},{"reference_url":"https://github.com/keycloak/keycloak/pull/41168","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/41168"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7784","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7784"},{"reference_url":"https://github.com/advisories/GHSA-83j7-mhw9-388w","reference_id":"GHSA-83j7-mhw9-388w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-83j7-mhw9-388w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/570711?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2"}],"aliases":["GHSA-83j7-mhw9-388w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mku9-3bpp-aqbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13517?format=json","vulnerability_id":"VCID-n76a-pfh2-57bn","summary":"Duplicate Advisory: Keycloak has a brute force login protection bypass\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-gc7q-jgjv-vjr2. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6493","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6494","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6495","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6497","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6499","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6500","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6501","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6501"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4629","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-4629"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276761","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276761"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629"},{"reference_url":"https://github.com/advisories/GHSA-8wm9-24qg-m5qj","reference_id":"GHSA-8wm9-24qg-m5qj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wm9-24qg-m5qj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48260?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.4"}],"aliases":["GHSA-8wm9-24qg-m5qj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n76a-pfh2-57bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20636?format=json","vulnerability_id":"VCID-nhe2-8dtq-gqbf","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nA flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39349","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39721","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39661","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.3973","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39739","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39703","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39687","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39737","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39708","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39624","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39446","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39432","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1","reference_id":"cpe:/a:redhat:serverless:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6291"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291"},{"reference_url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61796?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"},{"vulnerability":"VCID-zp22-a33x-bqfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/71580?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3"}],"aliases":["CVE-2023-6291","GHSA-mpwq-j3xf-7m5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe2-8dtq-gqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29845?format=json","vulnerability_id":"VCID-nxhc-rp71-hbdk","summary":"Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11986","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:11986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11987","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:11987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7365","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-7365"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/40446","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/40446"},{"reference_url":"https://github.com/keycloak/keycloak/pull/40520","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/40520"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365"},{"reference_url":"https://github.com/advisories/GHSA-gj52-35xm-gxjh","reference_id":"GHSA-gj52-35xm-gxjh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj52-35xm-gxjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63858?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-8vzz-naas-a7ab"},{"vulnerability":"VCID-epcy-krft-z7d4"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-jsvn-26y8-q3ey"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-tc9b-zzjt-63c7"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["GHSA-gj52-35xm-gxjh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nxhc-rp71-hbdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17557?format=json","vulnerability_id":"VCID-pjgz-fa5h-tkfh","summary":"org.keycloak:keycloak-services has Inefficient Regular Expression Complexity\nA vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10176","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10177","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10178","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10178"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-10270","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-10270"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-10270","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24956","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24967","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25028","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25056","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25064","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25053","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25133","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25148","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25107","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2491","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37337","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37216","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37165","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37311","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-10270"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321214","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321214"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-wq8x-cg39-8mrr","reference_id":"GHSA-wq8x-cg39-8mrr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq8x-cg39-8mrr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57132?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/57134?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6"}],"aliases":["CVE-2024-10270","GHSA-wq8x-cg39-8mrr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjgz-fa5h-tkfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9704?format=json","vulnerability_id":"VCID-qexf-7axp-9kas","summary":"Improper Certificate Validation\nIt was found that SAML authentication in Keycloak incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3592","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3593","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3595","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0877","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0877"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10894.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10894.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10894","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16912","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17215","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17107","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17045","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1705","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17084","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16987","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16968","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17088","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1726","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1731","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17089","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1718","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599434","reference_id":"1599434","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599434"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10894","reference_id":"CVE-2018-10894","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10894"},{"reference_url":"https://github.com/advisories/GHSA-xvv8-8wh9-9fh2","reference_id":"GHSA-xvv8-8wh9-9fh2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvv8-8wh9-9fh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53091?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@4.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-4p6v-j4up-2ye2"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@4.4.0.Final"}],"aliases":["CVE-2018-10894","GHSA-xvv8-8wh9-9fh2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qexf-7axp-9kas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25023?format=json","vulnerability_id":"VCID-qgbq-s33g-d7af","summary":"Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API\nA flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3429","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3429"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3429","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13935","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16588","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16673","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16727","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16706","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16989","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18848","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19091","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19038","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18994","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19006","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19015","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18907","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1889","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3429"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443771","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443771"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47069","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47069"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3429","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3429"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-8g9r-9wjw-37j4","reference_id":"GHSA-8g9r-9wjw-37j4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8g9r-9wjw-37j4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994303?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cf37-8d6y-r3d5"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-3429","GHSA-8g9r-9wjw-37j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgbq-s33g-d7af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19270?format=json","vulnerability_id":"VCID-r5g8-gcss-zuh4","summary":"Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients\nWhen a Keycloak server is configured to support mTLS authentication for OAuth/OpenID clients, it does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3883","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3884","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3885","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3888","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3892","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3892"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2422.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2422.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-2422","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-2422"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2422","reference_id":"","reference_type":"","scores":[{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52708","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52682","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52674","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52724","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52719","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52769","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52752","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52736","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55285","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55372","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55376","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55354","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55292","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55312","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2422"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2191668","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2191668"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5c6c55945a384bfd82e51283096204dcb6f63d91","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5c6c55945a384bfd82e51283096204dcb6f63d91"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2422","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2422"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://github.com/advisories/GHSA-3qh5-qqj2-c78f","reference_id":"GHSA-3qh5-qqj2-c78f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qh5-qqj2-c78f"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-3qh5-qqj2-c78f","reference_id":"GHSA-3qh5-qqj2-c78f","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-3qh5-qqj2-c78f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58504?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@21.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2"}],"aliases":["CVE-2023-2422","GHSA-3qh5-qqj2-c78f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r5g8-gcss-zuh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20003?format=json","vulnerability_id":"VCID-rrkd-31d4-9yaq","summary":"Keycloak vulnerable to LDAP Injection on UsernameForm Login\nA flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2232","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24479","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24445","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29834","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29883","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29533","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29595","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29709","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29785","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29831","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29852","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29826","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29888","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29924","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29929","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2232"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2096994","reference_id":"2096994","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2096994"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-2232","reference_id":"CVE-2022-2232","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-2232"},{"reference_url":"https://github.com/advisories/GHSA-8hc5-rmgf-qx6p","reference_id":"GHSA-8hc5-rmgf-qx6p","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8hc5-rmgf-qx6p"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p","reference_id":"GHSA-8hc5-rmgf-qx6p","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61402?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.1"}],"aliases":["CVE-2022-2232","GHSA-8hc5-rmgf-qx6p"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrkd-31d4-9yaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12578?format=json","vulnerability_id":"VCID-rssz-yqj9-b7h8","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nA vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14366","reference_id":"","reference_type":"","scores":[{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59673","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59674","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59707","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59715","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59699","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59668","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59688","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59557","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59631","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59656","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59625","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59676","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.5969","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.5971","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59693","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869764","reference_id":"1869764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869764"},{"reference_url":"https://security.archlinux.org/AVG-1471","reference_id":"AVG-1471","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1471"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14366","reference_id":"CVE-2020-14366","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14366"},{"reference_url":"https://github.com/advisories/GHSA-cp67-8w3w-6h9c","reference_id":"GHSA-cp67-8w3w-6h9c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cp67-8w3w-6h9c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43987?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d1ua-u2v7-jqf8"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0"}],"aliases":["CVE-2020-14366","GHSA-cp67-8w3w-6h9c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rssz-yqj9-b7h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13934?format=json","vulnerability_id":"VCID-scdf-8m3d-vqff","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1245","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62257","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62197","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62215","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62233","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62222","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62201","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62246","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62253","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62237","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62247","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62264","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62087","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62148","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62179","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62147","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1245"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1245","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1245"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2071036","reference_id":"2071036","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2071036"},{"reference_url":"https://github.com/advisories/GHSA-75p6-52g3-rqc8","reference_id":"GHSA-75p6-52g3-rqc8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75p6-52g3-rqc8"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8","reference_id":"GHSA-75p6-52g3-rqc8","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1709","reference_id":"RHSA-2022:1709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1711","reference_id":"RHSA-2022:1711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1712","reference_id":"RHSA-2022:1712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1713","reference_id":"RHSA-2022:1713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50013?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0"}],"aliases":["CVE-2022-1245","GHSA-75p6-52g3-rqc8","GMS-2022-1039"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scdf-8m3d-vqff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13203?format=json","vulnerability_id":"VCID-sgbm-r5mm-sbbx","summary":"Keycloak path traversal vulnerability in redirection validation\nA flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.\n\n#### Acknowledgements:\nSpecial thanks to Axel Flamcourt for reporting this issue and helping us improve our project.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1860","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2945","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3752","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3762","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3919","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3989","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3989"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1132.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1132.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1132","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1132"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1132","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48439","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.4846","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55559","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55612","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55621","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.556","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55583","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55624","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55603","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55531","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55549","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1132"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262117","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262117"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1132","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1132"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.10","reference_id":"cpe:/a:redhat:amq_broker:7.10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.11","reference_id":"cpe:/a:redhat:amq_broker:7.11","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.11"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12","reference_id":"cpe:/a:redhat:amq_broker:7.12","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el8","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6.2::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el9","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8","reference_id":"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2","reference_id":"cpe:/a:redhat:quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3","reference_id":"cpe:/a:redhat:quarkus:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2","reference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://github.com/advisories/GHSA-72vp-xfrc-42xm","reference_id":"GHSA-72vp-xfrc-42xm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72vp-xfrc-42xm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45730?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/45732?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2024-1132","GHSA-72vp-xfrc-42xm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgbm-r5mm-sbbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12563?format=json","vulnerability_id":"VCID-sk6p-vfu6-7kem","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5051","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50589","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50574","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50616","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50621","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50599","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50548","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50556","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50481","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50537","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50565","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50518","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50612","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428"},{"reference_url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776","reference_id":"CVE-2020-10776","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776"},{"reference_url":"https://github.com/advisories/GHSA-484q-784p-8m5h","reference_id":"GHSA-484q-784p-8m5h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-484q-784p-8m5h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4929","reference_id":"RHSA-2020:4929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4930","reference_id":"RHSA-2020:4930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4932","reference_id":"RHSA-2020:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43987?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d1ua-u2v7-jqf8"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0"}],"aliases":["CVE-2020-10776","GHSA-484q-784p-8m5h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sk6p-vfu6-7kem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24839?format=json","vulnerability_id":"VCID-szbr-v2vq-3kbn","summary":"Keycloak: manage-clients permission escalates to full realm admin access\nA flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3121"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01718","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07847","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08686","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08649","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08588","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08662","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08685","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08645","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08691","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08679","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08668","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08526","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08539","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3121"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442277","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442277"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46719","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3121"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-7xf9-4jfc-wgm4","reference_id":"GHSA-7xf9-4jfc-wgm4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7xf9-4jfc-wgm4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68053?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a5d9-k9vd-fyfe"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3121","GHSA-7xf9-4jfc-wgm4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-szbr-v2vq-3kbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42858?format=json","vulnerability_id":"VCID-th5p-51pd-3ffg","summary":"Improper privilege management in Keycloak\nA flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2020-14389","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2020-14389"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14389","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34927","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35273","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35039","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35019","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35177","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35403","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35285","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35356","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35358","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35321","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35299","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35337","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35326","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14389"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14389","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14389"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875843","reference_id":"1875843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875843"},{"reference_url":"https://github.com/advisories/GHSA-c9x9-xv66-xp3v","reference_id":"GHSA-c9x9-xv66-xp3v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c9x9-xv66-xp3v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4929","reference_id":"RHSA-2020:4929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4930","reference_id":"RHSA-2020:4930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4932","reference_id":"RHSA-2020:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43987?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d1ua-u2v7-jqf8"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0"}],"aliases":["CVE-2020-14389","GHSA-c9x9-xv66-xp3v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-th5p-51pd-3ffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55526?format=json","vulnerability_id":"VCID-u5ba-kpd5-67bm","summary":"Keycloak discloses information without authentication\nA flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27838","reference_id":"","reference_type":"","scores":[{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99361","published_at":"2026-04-26T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99349","published_at":"2026-04-02T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99352","published_at":"2026-04-04T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99354","published_at":"2026-04-08T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99356","published_at":"2026-04-11T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99357","published_at":"2026-04-13T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.9936","published_at":"2026-04-29T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99359","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27838"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906797","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906797"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7790"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27838","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27838"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://github.com/advisories/GHSA-pcv5-m2wh-66j3","reference_id":"GHSA-pcv5-m2wh-66j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pcv5-m2wh-66j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/223868?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0"}],"aliases":["CVE-2020-27838","GHSA-pcv5-m2wh-66j3"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5ba-kpd5-67bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24031?format=json","vulnerability_id":"VCID-ugtk-3bjv-s3a4","summary":"Keycloak has Improper Access Control allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false\nA flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4628"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06992","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06999","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07009","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07005","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06934","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06973","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06918","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0705","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06915","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06931","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08274","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08234","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450240","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450240"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4628"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-4pgc-gfrr-wcmg","reference_id":"GHSA-4pgc-gfrr-wcmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4pgc-gfrr-wcmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076862?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1"}],"aliases":["CVE-2026-4628","GHSA-4pgc-gfrr-wcmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugtk-3bjv-s3a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21942?format=json","vulnerability_id":"VCID-uuf2-u7xh-uuef","summary":"Keycloak does not invalidate offline sessions when the offline_access scope is removed\nA flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21370","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21371","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22088","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22089"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12110","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1728","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17639","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17685","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17403","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17556","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17569","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17522","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17469","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17411","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17422","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17457","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17369","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17346","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12110"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406033","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406033"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b"},{"reference_url":"https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7"},{"reference_url":"https://github.com/keycloak/keycloak/pull/43790","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://github.com/keycloak/keycloak/pull/43790"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-12110","reference_id":"CVE-2025-12110","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12110"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12110","reference_id":"CVE-2025-12110","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12110"},{"reference_url":"https://github.com/advisories/GHSA-895x-rfqp-jh5c","reference_id":"GHSA-895x-rfqp-jh5c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-895x-rfqp-jh5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64519?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-9f1k-z7z2-d7cc"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3"}],"aliases":["CVE-2025-12110","GHSA-895x-rfqp-jh5c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uuf2-u7xh-uuef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25146?format=json","vulnerability_id":"VCID-v77w-st1u-pfe6","summary":"Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure\nA flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3190"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0831","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08292","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08228","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08302","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08245","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08285","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08307","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08144","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08157","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08265","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08281","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09712","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442572","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442572"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46723","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46723"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3190"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-q35r-vvhv-vx5h","reference_id":"GHSA-q35r-vvhv-vx5h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q35r-vvhv-vx5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68053?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a5d9-k9vd-fyfe"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3190","GHSA-q35r-vvhv-vx5h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v77w-st1u-pfe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18984?format=json","vulnerability_id":"VCID-v7r6-3873-77dc","summary":"Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-69fp-7c8p-crjr. This link is maintained to preserve external references.\n\n## Original Description\nA flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3566","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3567","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3568","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3570","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3570"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3572","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3573","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3574","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3575","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3576","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3576"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4540","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-4540"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279303","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279303"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540"},{"reference_url":"https://github.com/advisories/GHSA-4vrx-8phj-x3mg","reference_id":"GHSA-4vrx-8phj-x3mg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vrx-8phj-x3mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59735?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5"}],"aliases":["GHSA-4vrx-8phj-x3mg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7r6-3873-77dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20510?format=json","vulnerability_id":"VCID-ver5-9t6m-c3ef","summary":"Keycloak Admin REST API exposes backend schema and rules\nA flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-14083","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-14083"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14083","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01718","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01682","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01694","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01689","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10165","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1077","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10758","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10893","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10915","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10948","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10994","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10819","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10947","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10894","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14083"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419086","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419086"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45493","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45493"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14083","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14083"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-594w-2fwp-jwrc","reference_id":"GHSA-594w-2fwp-jwrc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-594w-2fwp-jwrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63858?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-8vzz-naas-a7ab"},{"vulnerability":"VCID-epcy-krft-z7d4"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-jsvn-26y8-q3ey"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-tc9b-zzjt-63c7"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2025-14083","GHSA-594w-2fwp-jwrc"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ver5-9t6m-c3ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17283?format=json","vulnerability_id":"VCID-vstv-ec14-quc5","summary":"Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10176","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10177","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10178","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10178"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-10270","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-10270"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321214","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321214"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270"},{"reference_url":"https://github.com/advisories/GHSA-j3x3-r585-4qhg","reference_id":"GHSA-j3x3-r585-4qhg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3x3-r585-4qhg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57132?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/57134?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6"}],"aliases":["GHSA-j3x3-r585-4qhg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vstv-ec14-quc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20419?format=json","vulnerability_id":"VCID-w5f1-xryr-fucq","summary":"Keycloak does not validate and update refresh token usage atomically\nA flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1035","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1035"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1035","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01303","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01234","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01214","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01209","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01222","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01295","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01301","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01307","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01204","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01219","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01228","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1035"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430314","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430314"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45647","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45647"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1035","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1035"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-m2w5-7xhv-w6fh","reference_id":"GHSA-m2w5-7xhv-w6fh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2w5-7xhv-w6fh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63858?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-8vzz-naas-a7ab"},{"vulnerability":"VCID-epcy-krft-z7d4"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-jsvn-26y8-q3ey"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-tc9b-zzjt-63c7"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2026-1035","GHSA-m2w5-7xhv-w6fh"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5f1-xryr-fucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12713?format=json","vulnerability_id":"VCID-whsx-d6an-hkdm","summary":"Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow\nKeycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:).\n\nAllowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission.\n\n#### Acknowledgements:\nSpecial thanks to Lauritz Holtmann for reporting this issue and helping us improve our project.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1353","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2945","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4057","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:4057"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6717.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6717.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6717","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6717"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6717","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22496","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22498","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22506","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22662","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22709","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22712","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22695","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22752","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23263","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23306","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23169","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2322","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6717"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253952","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253952"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6717","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6717"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12","reference_id":"cpe:/a:redhat:amq_broker:7.12","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_gitops:1","reference_id":"cpe:/a:redhat:openshift_gitops:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_gitops:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8","reference_id":"cpe:/a:redhat:openshift_serverless:1.33::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2","reference_id":"cpe:/a:redhat:quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3","reference_id":"cpe:/a:redhat:quarkus:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1","reference_id":"cpe:/a:redhat:rhdh:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2","reference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://github.com/advisories/GHSA-8rmm-gm28-pj8q","reference_id":"GHSA-8rmm-gm28-pj8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8rmm-gm28-pj8q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45730?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/45732?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-6717","GHSA-8rmm-gm28-pj8q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-whsx-d6an-hkdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21394?format=json","vulnerability_id":"VCID-x4aw-v76q-vbdc","summary":"Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass\nA flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21370","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21371","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22088","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22089"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-12150","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12150"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12150","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0174","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01613","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01619","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0162","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01627","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01604","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01603","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01591","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01695","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01709","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01703","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12150"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406192","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406192"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339"},{"reference_url":"https://github.com/keycloak/keycloak/issues/35110","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/35110"},{"reference_url":"https://github.com/keycloak/keycloak/issues/43723","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://github.com/keycloak/keycloak/issues/43723"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12150","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12150"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-7g5x-9c4v-4w5r","reference_id":"GHSA-7g5x-9c4v-4w5r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g5x-9c4v-4w5r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63794?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4"}],"aliases":["CVE-2025-12150","GHSA-7g5x-9c4v-4w5r"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4aw-v76q-vbdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23328?format=json","vulnerability_id":"VCID-xd7x-aevv-cfcp","summary":"Keycloak: Denial of Service due to excessive SAMLRequest decompression\nA flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2575"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08543","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08537","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08523","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08449","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08531","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08517","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08376","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08501","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13011","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13136","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13142","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13113","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440149","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440149"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46372","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46372"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2575"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-xv6h-r36f-3gp5","reference_id":"GHSA-xv6h-r36f-3gp5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv6h-r36f-3gp5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66186?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4"}],"aliases":["CVE-2026-2575","GHSA-xv6h-r36f-3gp5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xd7x-aevv-cfcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12718?format=json","vulnerability_id":"VCID-xdxx-tdkj-wbba","summary":"Improper Certificate Validation\nA flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1758","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48706","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48759","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48756","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48773","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48747","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48755","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48804","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.488","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48685","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.4875","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48704","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1758"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-13285","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-13285"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1812514","reference_id":"1812514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1812514"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1758","reference_id":"CVE-2020-1758","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1758"},{"reference_url":"https://github.com/advisories/GHSA-c597-f74m-jgc2","reference_id":"GHSA-c597-f74m-jgc2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c597-f74m-jgc2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48515?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-44rr-5gtu-bfev"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-98yf-g4d3-u3g8"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-scdf-8m3d-vqff"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-xy58-u3se-wfdb"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@10.0.0"}],"aliases":["CVE-2020-1758","GHSA-c597-f74m-jgc2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdxx-tdkj-wbba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23854?format=json","vulnerability_id":"VCID-xfnw-15sz-zyfr","summary":"Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions\nA flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14082","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01382","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01613","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01607","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01604","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02172","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02131","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02116","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02087","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.021","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02187","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02157","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02147","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14082"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419078","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419078"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-14082","reference_id":"CVE-2025-14082","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-14082"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14082","reference_id":"CVE-2025-14082","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14082"},{"reference_url":"https://github.com/advisories/GHSA-6q37-7866-h27j","reference_id":"GHSA-6q37-7866-h27j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6q37-7866-h27j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66886?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-8vzz-naas-a7ab"},{"vulnerability":"VCID-a5d9-k9vd-fyfe"},{"vulnerability":"VCID-baux-3v7g-tucw"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j5bq-q689-qbg3"},{"vulnerability":"VCID-jsvn-26y8-q3ey"},{"vulnerability":"VCID-khfk-1gas-vfan"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-tc9b-zzjt-63c7"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0"}],"aliases":["CVE-2025-14082","GHSA-6q37-7866-h27j"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xfnw-15sz-zyfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18602?format=json","vulnerability_id":"VCID-xy58-u3se-wfdb","summary":"Keycloak vulnerable to user impersonation via stolen UUID code\nKeycloak's OpenID Connect user authentication was found to incorrectly authenticate requests. An authenticated attacker who could also obtain a certain piece of info from a user request, from a victim within the same realm, could use that data to impersonate the victim and generate new session tokens.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0264.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0264.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-0264","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2023-0264"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0264","reference_id":"","reference_type":"","scores":[{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88358","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88345","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88353","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88343","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88337","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88317","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88299","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88313","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88354","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88355","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04047","scoring_system":"epss","scoring_elements":"0.88542","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04047","scoring_system":"epss","scoring_elements":"0.88537","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04047","scoring_system":"epss","scoring_elements":"0.88543","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0264"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/ec8109112e67208c13e13f6d1f8706a5a3ba8d4c","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/ec8109112e67208c13e13f6d1f8706a5a3ba8d4c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0264","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0264"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160585","reference_id":"2160585","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160585"},{"reference_url":"https://github.com/advisories/GHSA-9g98-5mj6-f9mv","reference_id":"GHSA-9g98-5mj6-f9mv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9g98-5mj6-f9mv"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-9g98-5mj6-f9mv","reference_id":"GHSA-9g98-5mj6-f9mv","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-9g98-5mj6-f9mv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59332?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@19.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@19.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/71835?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@21.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-2dgt-7k4f-fyce"},{"vulnerability":"VCID-3sh8-6vsc-1uae"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-83en-fek9-4qd7"},{"vulnerability":"VCID-91gs-k267-3kbq"},{"vulnerability":"VCID-9wzh-7ych-y7c6"},{"vulnerability":"VCID-ajcu-s4zn-63cn"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-cgf7-vbkd-cua6"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-htax-rbrs-mbdu"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-jh5h-pp29-1kbr"},{"vulnerability":"VCID-ju1d-vwgb-bqbn"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-r5g8-gcss-zuh4"},{"vulnerability":"VCID-rrkd-31d4-9yaq"},{"vulnerability":"VCID-sgbm-r5mm-sbbx"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-whsx-d6an-hkdm"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"},{"vulnerability":"VCID-z2bw-n4x2-a7gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.0.1"}],"aliases":["CVE-2023-0264","GHSA-9g98-5mj6-f9mv","GMS-2023-573"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xy58-u3se-wfdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25142?format=json","vulnerability_id":"VCID-y1h3-yyn9-53fr","summary":"Keycloak: Unauthorized authentication via disabled SAML Identity Provider\nA flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3925","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3926","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2603"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38518","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38444","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38556","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40884","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45429","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45478","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45482","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4947","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4948","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49479","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2603"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440300","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440300"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46911","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46911"},{"reference_url":"https://github.com/keycloak/keycloak/pull/46932","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/46932"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2603"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-x4p7-7chp-64hq","reference_id":"GHSA-x4p7-7chp-64hq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4p7-7chp-64hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1066759?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0"}],"aliases":["CVE-2026-2603","GHSA-x4p7-7chp-64hq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1h3-yyn9-53fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13359?format=json","vulnerability_id":"VCID-ysyw-rgyv-bkhj","summary":"Keycloak Services has a potential bypass of brute force protection\nIf an attacker launches many login attempts in parallel then the attacker can have more guesses at a password than the brute force protection configuration permits. This is due to the brute force check occurring before the brute force protector has locked the user.\n\n**Acknowledgements:**\nSpecial thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6493","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6494","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6495","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6497","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6499","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6500","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6501","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6501"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4629","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-4629"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4629","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63431","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63405","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63423","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63435","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.78008","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77923","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77933","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.7796","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77991","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77975","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.77973","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.78009","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4629"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276761","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276761"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416"},{"reference_url":"https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200"},{"reference_url":"https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562"},{"reference_url":"https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88"},{"reference_url":"https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://github.com/advisories/GHSA-gc7q-jgjv-vjr2","reference_id":"GHSA-gc7q-jgjv-vjr2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc7q-jgjv-vjr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42265?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d6ku-ys87-cqh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/42268?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d6ku-ys87-cqh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/47696?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.4"}],"aliases":["CVE-2024-4629","GHSA-gc7q-jgjv-vjr2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ysyw-rgyv-bkhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12721?format=json","vulnerability_id":"VCID-z2bw-n4x2-a7gj","summary":"Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS\nA potential security flaw in the \"checkLoginIframe\" which allows unvalidated cross-origin messages, enabling potential DDoS attacks. By exploiting this vulnerability, attackers could coordinate to send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.\n\n#### Acknowledgements\nSpecial thanks to Adriano Márcio Monteiro from BRZTEC for reporting this issue and helping us improve our project.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1860","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2945","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4057","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:4057"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1249","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1249"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1249","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37939","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38318","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38282","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38257","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38304","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38284","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38057","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39001","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39019","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38912","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3902","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.39004","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38952","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1249"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262918","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262918"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26"},{"reference_url":"https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1249","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1249"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12","reference_id":"cpe:/a:redhat:amq_broker:7.12","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1","reference_id":"cpe:/a:redhat:amq_streams:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8","reference_id":"cpe:/a:redhat:openshift_serverless:1.33::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1","reference_id":"cpe:/a:redhat:rhdh:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2","reference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://github.com/advisories/GHSA-m6q9-p373-g5q8","reference_id":"GHSA-m6q9-p373-g5q8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6q9-p373-g5q8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45730?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/45732?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dgp-xdrz-q7dv"},{"vulnerability":"VCID-41hy-n7tz-3bee"},{"vulnerability":"VCID-5f8r-n4mm-y3g6"},{"vulnerability":"VCID-5vwq-aqk5-nkh9"},{"vulnerability":"VCID-5zh4-963a-q3gp"},{"vulnerability":"VCID-6hy1-r23s-cbhy"},{"vulnerability":"VCID-7c1j-kcbb-v3f1"},{"vulnerability":"VCID-bhrr-nn9f-7udu"},{"vulnerability":"VCID-by72-dvnw-m3gu"},{"vulnerability":"VCID-cdsa-wmby-ebbq"},{"vulnerability":"VCID-d2rd-6u56-yfd8"},{"vulnerability":"VCID-d6ku-ys87-cqh4"},{"vulnerability":"VCID-e4ub-v4ef-affb"},{"vulnerability":"VCID-ezqk-pyhr-5ffj"},{"vulnerability":"VCID-gnxr-2t9g-4ye4"},{"vulnerability":"VCID-gzz6-md9v-b3em"},{"vulnerability":"VCID-j4ar-u2rr-qkfu"},{"vulnerability":"VCID-m3uj-4mag-kbf2"},{"vulnerability":"VCID-mdkf-3bgs-w7dm"},{"vulnerability":"VCID-mku9-3bpp-aqbk"},{"vulnerability":"VCID-n76a-pfh2-57bn"},{"vulnerability":"VCID-nxhc-rp71-hbdk"},{"vulnerability":"VCID-pjgz-fa5h-tkfh"},{"vulnerability":"VCID-qgbq-s33g-d7af"},{"vulnerability":"VCID-szbr-v2vq-3kbn"},{"vulnerability":"VCID-ugtk-3bjv-s3a4"},{"vulnerability":"VCID-uuf2-u7xh-uuef"},{"vulnerability":"VCID-v77w-st1u-pfe6"},{"vulnerability":"VCID-v7r6-3873-77dc"},{"vulnerability":"VCID-ver5-9t6m-c3ef"},{"vulnerability":"VCID-vstv-ec14-quc5"},{"vulnerability":"VCID-w5f1-xryr-fucq"},{"vulnerability":"VCID-x4aw-v76q-vbdc"},{"vulnerability":"VCID-xd7x-aevv-cfcp"},{"vulnerability":"VCID-xfnw-15sz-zyfr"},{"vulnerability":"VCID-y1h3-yyn9-53fr"},{"vulnerability":"VCID-ysyw-rgyv-bkhj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2024-1249","GHSA-m6q9-p373-g5q8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2bw-n4x2-a7gj"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@2.2.0.CR1"}