Package Instance

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1724

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1800527
reference_id	1800527
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1800527

reference_url

reference_id

CVE-2020-1724

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1724

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@9.0.2

purl pkg:maven/org.keycloak/keycloak-core@9.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.2

aliases CVE-2020-1724, GHSA-8xj2-47xw-q78c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-13dn-ke8h-67ez

url VCID-2ba6-j1fs-2kfc

vulnerability_id VCID-2ba6-j1fs-2kfc

summary arbitrary code execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1714.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1714.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1714

reference_id

reference_type

scores

value	0.02152
scoring_system	epss
scoring_elements	0.84568
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1714

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/33863ba16117844930a38ebde57a25258f5b80fd

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/33863ba16117844930a38ebde57a25258f5b80fd

reference_url

https://github.com/keycloak/keycloak/pull/7053

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7053

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1705975
reference_id	1705975
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1705975

reference_url	https://security.archlinux.org/ASA-202005-8
reference_id	ASA-202005-8
reference_type
scores
url	https://security.archlinux.org/ASA-202005-8

reference_url

https://security.archlinux.org/AVG-1158

reference_id

AVG-1158

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1158

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1714

reference_id

CVE-2020-1714

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1714

reference_url	https://github.com/advisories/GHSA-m6mm-q862-j366
reference_id	GHSA-m6mm-q862-j366
reference_type
scores
url	https://github.com/advisories/GHSA-m6mm-q862-j366

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

reference_url	https://access.redhat.com/errata/RHSA-2020:2814
reference_id	RHSA-2020:2814
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2814

reference_url	https://access.redhat.com/errata/RHSA-2020:2816
reference_id	RHSA-2020:2816
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2816

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3017
reference_id	RHSA-2020:3017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3017

reference_url	https://access.redhat.com/errata/RHSA-2020:3675
reference_id	RHSA-2020:3675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3675

reference_url	https://access.redhat.com/errata/RHSA-2020:3678
reference_id	RHSA-2020:3678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3678

reference_url	https://access.redhat.com/errata/RHSA-2020:4252
reference_id	RHSA-2020:4252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4252

reference_url	https://access.redhat.com/errata/RHSA-2020:5568
reference_id	RHSA-2020:5568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5568

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@11.0.0

purl pkg:maven/org.keycloak/keycloak-core@11.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@11.0.0

aliases CVE-2020-1714, GHSA-m6mm-q862-j366

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ba6-j1fs-2kfc

url VCID-2qmw-afpp-7qa8

vulnerability_id VCID-2qmw-afpp-7qa8

summary

Improper Authentication
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1718

reference_id

reference_type

scores

value	0.00367
scoring_system	epss
scoring_elements	0.58922
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1718

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1796756
reference_id	1796756
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1796756

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1718

reference_id

CVE-2020-1718

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1718

reference_url	https://github.com/advisories/GHSA-j229-2h63-rvh9
reference_id	GHSA-j229-2h63-rvh9
reference_type
scores
url	https://github.com/advisories/GHSA-j229-2h63-rvh9

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@8.0.0

purl pkg:maven/org.keycloak/keycloak-core@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0

aliases CVE-2020-1718, GHSA-j229-2h63-rvh9

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qmw-afpp-7qa8

url VCID-3kg4-uvgq-5khf

vulnerability_id VCID-3kg4-uvgq-5khf

summary

Server-Side Request Forgery (SSRF)
A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

references

reference_url

http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10770

reference_id

reference_type

scores

value	0.92282
scoring_system	epss
scoring_elements	0.99735
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10770

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1846270

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1846270

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-documentation/pull/1086

reference_url	https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-documentation/pull/1086

reference_url

https://github.com/keycloak/keycloak/pull/7714

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7714

reference_url

https://issues.redhat.com/browse/KEYCLOAK-14019

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-14019

reference_url

https://issues.redhat.com/browse/KEYCLOAK-3426

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-3426

reference_url

https://security.archlinux.org/AVG-1577

reference_id

AVG-1577

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1577

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py
reference_id	CVE-2020-10770
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10770

reference_id

CVE-2020-10770

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10770

reference_url	https://access.redhat.com/errata/RHSA-2021:0318
reference_id	RHSA-2021:0318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0318

reference_url	https://access.redhat.com/errata/RHSA-2021:0319
reference_id	RHSA-2021:0319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0319

reference_url	https://access.redhat.com/errata/RHSA-2021:0320
reference_id	RHSA-2021:0320
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0320

reference_url	https://access.redhat.com/errata/RHSA-2021:0327
reference_id	RHSA-2021:0327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0327

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@12.0.2

purl pkg:maven/org.keycloak/keycloak-core@12.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wt2c-cyu2-kbgm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.2

url	pkg:maven/org.keycloak/keycloak-core@13.0.0
purl	pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0

aliases CVE-2020-10770, GHSA-jh7q-5mwf-qvhw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kg4-uvgq-5khf

url VCID-5zh6-37gp-pbas

vulnerability_id VCID-5zh6-37gp-pbas

summary

Improper Authentication
The SAML broker consumer endpoint in Keycloak ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14637

reference_id

reference_type

scores

value	0.00301
scoring_system	epss
scoring_elements	0.53672
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14637

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637

reference_url	https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1627851
reference_id	1627851
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1627851

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14637

reference_id

CVE-2018-14637

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14637

reference_url

https://github.com/advisories/GHSA-gf2j-7qwg-4f5x

reference_id

GHSA-gf2j-7qwg-4f5x

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-gf2j-7qwg-4f5x

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@4.6.0.Final

purl pkg:maven/org.keycloak/keycloak-core@4.6.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-9719-srgk-33dh

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cg94-7n2h-7fac

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-djda-aqxt-s3e9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-prsa-264j-mfah

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.6.0.Final

url	pkg:maven/org.keycloak/keycloak-core@4.6.0
purl	pkg:maven/org.keycloak/keycloak-core@4.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.6.0

aliases CVE-2018-14637, GHSA-gf2j-7qwg-4f5x

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5zh6-37gp-pbas

url VCID-9719-srgk-33dh

vulnerability_id VCID-9719-srgk-33dh

summary

Improper Certificate Validation
The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols (`http` or `ldap`) and hence the caller should verify the signature and possibly the certification path. Keycloak currently does not validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3875

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.15078
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3875

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875

reference_url	http://www.securityfocus.com/bid/108748
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/108748

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1690628
reference_id	1690628
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1690628

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3875

reference_id

CVE-2019-3875

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3875

reference_url	https://github.com/advisories/GHSA-38cg-gg9j-q9j9
reference_id	GHSA-38cg-gg9j-q9j9
reference_type
scores
url	https://github.com/advisories/GHSA-38cg-gg9j-q9j9

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2366
reference_id	RHSA-2020:2366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2366

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@7.0.0

purl pkg:maven/org.keycloak/keycloak-core@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0

aliases CVE-2019-3875, GHSA-38cg-gg9j-q9j9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9719-srgk-33dh

url VCID-9kte-cfz7-hqa3

vulnerability_id VCID-9kte-cfz7-hqa3

summary

Improper Certificate Validation
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1758

reference_id

reference_type

scores

value	0.00254
scoring_system	epss
scoring_elements	0.48946
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1758

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758

reference_url

https://issues.redhat.com/browse/KEYCLOAK-13285

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-13285

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1812514
reference_id	1812514
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1812514

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1758

reference_id

CVE-2020-1758

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1758

reference_url	https://github.com/advisories/GHSA-c597-f74m-jgc2
reference_id	GHSA-c597-f74m-jgc2
reference_type
scores
url	https://github.com/advisories/GHSA-c597-f74m-jgc2

reference_url	https://access.redhat.com/errata/RHSA-2020:2106
reference_id	RHSA-2020:2106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2106

reference_url	https://access.redhat.com/errata/RHSA-2020:2107
reference_id	RHSA-2020:2107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2107

reference_url	https://access.redhat.com/errata/RHSA-2020:2108
reference_id	RHSA-2020:2108
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2108

reference_url	https://access.redhat.com/errata/RHSA-2020:2112
reference_id	RHSA-2020:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2112

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@10.0.0

purl pkg:maven/org.keycloak/keycloak-core@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@10.0.0

aliases CVE-2020-1758, GHSA-c597-f74m-jgc2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kte-cfz7-hqa3

url VCID-asw1-xz83-tqb3

vulnerability_id VCID-asw1-xz83-tqb3

summary

Information Exposure
It was found that while parsing the SAML messages the `StaxParserUtil` class of keycloak replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request `ID` field to be the chosen system property which could be obtained in the `InResponseTo` field in the response.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2582

reference_id

reference_type

scores

value	0.00629
scoring_system	epss
scoring_elements	0.70652
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2582

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582

reference_url	http://www.securityfocus.com/bid/101046
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101046

reference_url	http://www.securitytracker.com/id/1041707
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041707

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1410481
reference_id	1410481
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1410481

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2582

reference_id

CVE-2017-2582

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2582

reference_url

https://github.com/advisories/GHSA-c77r-6f64-478q

reference_id

GHSA-c77r-6f64-478q

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-c77r-6f64-478q

reference_url	https://access.redhat.com/errata/RHSA-2017:3216
reference_id	RHSA-2017:3216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3216

reference_url	https://access.redhat.com/errata/RHSA-2017:3217
reference_id	RHSA-2017:3217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3217

reference_url	https://access.redhat.com/errata/RHSA-2017:3218
reference_id	RHSA-2017:3218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3218

reference_url	https://access.redhat.com/errata/RHSA-2017:3219
reference_id	RHSA-2017:3219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3219

reference_url	https://access.redhat.com/errata/RHSA-2017:3220
reference_id	RHSA-2017:3220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3220

reference_url	https://access.redhat.com/errata/RHSA-2019:0136
reference_id	RHSA-2019:0136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0136

reference_url	https://access.redhat.com/errata/RHSA-2019:0137
reference_id	RHSA-2019:0137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0137

reference_url	https://access.redhat.com/errata/RHSA-2019:0139
reference_id	RHSA-2019:0139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0139

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

purl pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-5zh6-37gp-pbas

vulnerability	VCID-9719-srgk-33dh

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cg94-7n2h-7fac

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-djda-aqxt-s3e9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hdx2-k9s5-zqff

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-mkkw-kxbq-7yhg

vulnerability	VCID-prsa-264j-mfah

vulnerability	VCID-vgbc-v44r-vugq

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

url	pkg:maven/org.keycloak/keycloak-core@2.5.1
purl	pkg:maven/org.keycloak/keycloak-core@2.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1

aliases CVE-2017-2582, GHSA-c77r-6f64-478q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-asw1-xz83-tqb3

url VCID-cg94-7n2h-7fac

vulnerability_id VCID-cg94-7n2h-7fac

summary

Improper Input Validation
It was found that Keycloak's account console did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10199

reference_id

reference_type

scores

value	0.00095
scoring_system	epss
scoring_elements	0.26326
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10199

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10199

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1729261
reference_id	1729261
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1729261

reference_url

reference_id

CVE-2019-10199

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10199

reference_url	https://github.com/advisories/GHSA-p5xp-6vpf-jwvh
reference_id	GHSA-p5xp-6vpf-jwvh
reference_type
scores
url	https://github.com/advisories/GHSA-p5xp-6vpf-jwvh

reference_url	https://access.redhat.com/errata/RHSA-2019:2483
reference_id	RHSA-2019:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2483

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2366
reference_id	RHSA-2020:2366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2366

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@7.0.0

purl pkg:maven/org.keycloak/keycloak-core@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0

aliases CVE-2019-10199, GHSA-p5xp-6vpf-jwvh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg94-7n2h-7fac

url VCID-cwqj-tnbj-3ubh

vulnerability_id VCID-cwqj-tnbj-3ubh

summary

Information Exposure
A logged exception in the `HttpMethod` class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1698

reference_id

reference_type

scores

value	0.00051
scoring_system	epss
scoring_elements	0.16104
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1698

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698

reference_url

https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836

reference_url

https://github.com/keycloak/keycloak/pull/6751

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/6751

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1790292
reference_id	1790292
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1790292

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1698

reference_id

CVE-2020-1698

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1698

reference_url	https://access.redhat.com/errata/RHSA-2020:2252
reference_id	RHSA-2020:2252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2252

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:5625
reference_id	RHSA-2020:5625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5625

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@9.0.0

purl pkg:maven/org.keycloak/keycloak-core@9.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.0

aliases CVE-2020-1698, GHSA-qgmm-f2qw-r95f

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwqj-tnbj-3ubh

url VCID-dc8s-fqv5-1uhk

vulnerability_id VCID-dc8s-fqv5-1uhk

summary

Improper Privilege Management
It was found that Keycloak would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14389

reference_id

reference_type

scores

value	0.00148
scoring_system	epss
scoring_elements	0.3499
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14389

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1875843
reference_id	1875843
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1875843

reference_url

https://access.redhat.com/security/cve/cve-2020-14389

reference_id

CVE-2020-14389

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2020-14389

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14389

reference_id

CVE-2020-14389

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14389

reference_url	https://access.redhat.com/errata/RHSA-2020:4929
reference_id	RHSA-2020:4929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4929

reference_url	https://access.redhat.com/errata/RHSA-2020:4930
reference_id	RHSA-2020:4930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4930

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4932
reference_id	RHSA-2020:4932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4932

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@12.0.0

purl pkg:maven/org.keycloak/keycloak-core@12.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-pu4g-rbu2-nbdb

vulnerability	VCID-wt2c-cyu2-kbgm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0

aliases CVE-2020-14389, GHSA-c9x9-xv66-xp3v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc8s-fqv5-1uhk

url VCID-djda-aqxt-s3e9

vulnerability_id VCID-djda-aqxt-s3e9

summary

Information Exposure
Keycloak allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user's browser session.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:1140

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1140

reference_url

https://access.redhat.com/errata/RHSA-2019:2998

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2998

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3868

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.51125
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3868

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868

reference_url

http://www.securityfocus.com/bid/108061

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108061

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1679144
reference_id	1679144
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1679144

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3868

reference_id

CVE-2019-3868

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3868

reference_url	https://github.com/advisories/GHSA-gc52-xj6p-9pxp
reference_id	GHSA-gc52-xj6p-9pxp
reference_type
scores
url	https://github.com/advisories/GHSA-gc52-xj6p-9pxp

reference_url	https://access.redhat.com/errata/RHSA-2019:0856
reference_id	RHSA-2019:0856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0856

reference_url	https://access.redhat.com/errata/RHSA-2019:0857
reference_id	RHSA-2019:0857
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0857

reference_url	https://access.redhat.com/errata/RHSA-2019:0868
reference_id	RHSA-2019:0868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0868

reference_url	https://access.redhat.com/errata/RHSA-2020:2366
reference_id	RHSA-2020:2366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2366

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@6.0.0

purl pkg:maven/org.keycloak/keycloak-core@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-9719-srgk-33dh

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cg94-7n2h-7fac

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-prsa-264j-mfah

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@6.0.0

aliases CVE-2019-3868, GHSA-gc52-xj6p-9pxp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djda-aqxt-s3e9

url VCID-ek3f-9qnu-27gv

vulnerability_id VCID-ek3f-9qnu-27gv

summary

Information Exposure
Keycloak has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.

references

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2585.json

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2585.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2585

reference_id

reference_type

scores

value	0.00671
scoring_system	epss
scoring_elements	0.71773
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2585

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1412376

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1412376

reference_url

https://web.archive.org/web/20170420113802/http://www.securitytracker.com/id/1038180

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170420113802/http://www.securitytracker.com/id/1038180

reference_url

https://web.archive.org/web/20200227175650/http://www.securityfocus.com/bid/97393

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227175650/http://www.securityfocus.com/bid/97393

reference_url	http://www.securityfocus.com/bid/97393
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97393

reference_url	http://www.securitytracker.com/id/1038180
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1038180

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2585

reference_id

CVE-2017-2585

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2585

reference_url

https://github.com/advisories/GHSA-w6gv-3r3v-gwgj

reference_id

GHSA-w6gv-3r3v-gwgj

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-w6gv-3r3v-gwgj

reference_url	https://access.redhat.com/errata/RHSA-2017:0876
reference_id	RHSA-2017:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0876

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

purl pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-5zh6-37gp-pbas

vulnerability	VCID-9719-srgk-33dh

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cg94-7n2h-7fac

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-djda-aqxt-s3e9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hdx2-k9s5-zqff

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-mkkw-kxbq-7yhg

vulnerability	VCID-prsa-264j-mfah

vulnerability	VCID-vgbc-v44r-vugq

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1.Final

url	pkg:maven/org.keycloak/keycloak-core@2.5.1
purl	pkg:maven/org.keycloak/keycloak-core@2.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1

aliases CVE-2017-2585, GHSA-w6gv-3r3v-gwgj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek3f-9qnu-27gv

url VCID-gr2e-ntp4-9fdg

vulnerability_id VCID-gr2e-ntp4-9fdg

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1725

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.29746
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1725

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1765129

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1765129

reference_url

https://issues.redhat.com/browse/KEYCLOAK-16550

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-16550

reference_url

https://security.archlinux.org/AVG-1332

reference_id

AVG-1332

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1332

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1725

reference_id

CVE-2020-1725

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1725

reference_url	https://github.com/advisories/GHSA-p225-pc2x-4jpm
reference_id	GHSA-p225-pc2x-4jpm
reference_type
scores
url	https://github.com/advisories/GHSA-p225-pc2x-4jpm

fixed_packages

url	pkg:maven/org.keycloak/keycloak-core@13.0.0
purl	pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0

aliases CVE-2020-1725, GHSA-p225-pc2x-4jpm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2e-ntp4-9fdg

url VCID-h539-621j-d7bn

vulnerability_id VCID-h539-621j-d7bn

summary

Use of Insufficiently Random Values
A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1731.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1731.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1731

reference_id

reference_type

scores

value	0.00389
scoring_system	epss
scoring_elements	0.60295
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1731

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1731

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1731

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1801713
reference_id	1801713
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1801713

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1731

reference_id

CVE-2020-1731

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1731

reference_url	https://github.com/advisories/GHSA-6pmv-7pr9-cgrj
reference_id	GHSA-6pmv-7pr9-cgrj
reference_type
scores
url	https://github.com/advisories/GHSA-6pmv-7pr9-cgrj

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@8.0.2

purl pkg:maven/org.keycloak/keycloak-core@8.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.2

aliases CVE-2020-1731, GHSA-6pmv-7pr9-cgrj

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h539-621j-d7bn

url VCID-hdx2-k9s5-zqff

vulnerability_id VCID-hdx2-k9s5-zqff

summary

Loop with Unreachable Exit Condition ('Infinite Loop')
keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10912.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10912.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10912

reference_id

reference_type

scores

value	0.00474
scoring_system	epss
scoring_elements	0.65079
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10912

reference_url

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10912

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1607624
reference_id	1607624
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1607624

reference_url

reference_id

CVE-2018-10912

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10912

reference_url

https://github.com/advisories/GHSA-h7j7-pw3v-3v3x

reference_id

GHSA-h7j7-pw3v-3v3x

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h7j7-pw3v-3v3x

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@4.0.0.Final

purl pkg:maven/org.keycloak/keycloak-core@4.0.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-5zh6-37gp-pbas

vulnerability	VCID-9719-srgk-33dh

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cg94-7n2h-7fac

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-djda-aqxt-s3e9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-prsa-264j-mfah

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.0.0.Final

url	pkg:maven/org.keycloak/keycloak-core@4.0.0
purl	pkg:maven/org.keycloak/keycloak-core@4.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.0.0

aliases CVE-2018-10912, GHSA-h7j7-pw3v-3v3x

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdx2-k9s5-zqff

url VCID-hjue-s41w-bye9

vulnerability_id VCID-hjue-s41w-bye9

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14302

reference_id

reference_type

scores

value	0.00154
scoring_system	epss
scoring_elements	0.35824
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14302

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1849584
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1849584

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2646.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-14302
reference_id	CVE-2020-14302
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-14302

reference_url	https://access.redhat.com/errata/RHSA-2021:0967
reference_id	RHSA-2021:0967
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0967

reference_url	https://access.redhat.com/errata/RHSA-2021:0968
reference_id	RHSA-2021:0968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0968

reference_url	https://access.redhat.com/errata/RHSA-2021:0969
reference_id	RHSA-2021:0969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0969

reference_url	https://access.redhat.com/errata/RHSA-2021:0974
reference_id	RHSA-2021:0974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0974

fixed_packages

url	pkg:maven/org.keycloak/keycloak-core@13.0.0
purl	pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0

aliases CVE-2020-14302

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjue-s41w-bye9

url VCID-mkkw-kxbq-7yhg

vulnerability_id VCID-mkkw-kxbq-7yhg

summary

Loop with Unreachable Exit Condition (Infinite Loop)
When Keycloak receives a Logout request in the middle of the request, the `SAMLSloRequestParser.parse()` method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2646.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2646

reference_id

reference_type

scores

value	0.00503
scoring_system	epss
scoring_elements	0.66451
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2646

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2646

reference_url	http://www.securityfocus.com/bid/96882
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/96882

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1431230
reference_id	1431230
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1431230

reference_url

reference_id

CVE-2017-2646

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2646

reference_url

https://github.com/advisories/GHSA-jc6q-27mw-p55w

reference_id

GHSA-jc6q-27mw-p55w

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jc6q-27mw-p55w

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@2.5.5.Final

purl pkg:maven/org.keycloak/keycloak-core@2.5.5.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-5zh6-37gp-pbas

vulnerability	VCID-9719-srgk-33dh

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cg94-7n2h-7fac

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-djda-aqxt-s3e9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hdx2-k9s5-zqff

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-prsa-264j-mfah

vulnerability	VCID-vgbc-v44r-vugq

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.5.Final

url	pkg:maven/org.keycloak/keycloak-core@2.5.5
purl	pkg:maven/org.keycloak/keycloak-core@2.5.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.5

aliases CVE-2017-2646, GHSA-jc6q-27mw-p55w

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkkw-kxbq-7yhg

url VCID-prsa-264j-mfah

vulnerability_id VCID-prsa-264j-mfah

summary

Improper Authentication
It was found that Keycloak's SAML broker did not verify missing message signatures. If an attacker modifies the SAML Response and removes the `<Signature>` sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10201

reference_id

reference_type

scores

value	0.00136
scoring_system	epss
scoring_elements	0.33155
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10201

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1728609
reference_id	1728609
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1728609

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10201

reference_id

CVE-2019-10201

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10201

reference_url	https://github.com/advisories/GHSA-4fgq-gq9g-3rw7
reference_id	GHSA-4fgq-gq9g-3rw7
reference_type
scores
url	https://github.com/advisories/GHSA-4fgq-gq9g-3rw7

reference_url	https://access.redhat.com/errata/RHSA-2019:2483
reference_id	RHSA-2019:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2483

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2366
reference_id	RHSA-2020:2366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2366

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@7.0.0

purl pkg:maven/org.keycloak/keycloak-core@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0

aliases CVE-2019-10201, GHSA-4fgq-gq9g-3rw7

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prsa-264j-mfah

url VCID-u8yn-1j1n-gbhu

vulnerability_id VCID-u8yn-1j1n-gbhu

summary

Moderate severity vulnerability that affects org.keycloak:keycloak-core
Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8629.json

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8629.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-8629

reference_id

reference_type

scores

value	0.00213
scoring_system	epss
scoring_elements	0.43863
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-8629

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1388988

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1388988

reference_url	https://github.com/keycloak/keycloak/commit/a78cfa4b2ca979a1981fb371cfdf2c7212f7b6e2
reference_id
reference_type
scores
url	https://github.com/keycloak/keycloak/commit/a78cfa4b2ca979a1981fb371cfdf2c7212f7b6e2

reference_url

http://www.securityfocus.com/bid/97392

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/97392

reference_url

http://www.securitytracker.com/id/1038180

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1038180

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-8629

reference_id

CVE-2016-8629

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-8629

reference_url

https://github.com/advisories/GHSA-778x-2mqv-w6xw

reference_id

GHSA-778x-2mqv-w6xw

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-778x-2mqv-w6xw

reference_url	https://access.redhat.com/errata/RHSA-2017:0876
reference_id	RHSA-2017:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0876

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@2.4.0.Final

purl pkg:maven/org.keycloak/keycloak-core@2.4.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-5zh6-37gp-pbas

vulnerability	VCID-9719-srgk-33dh

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-asw1-xz83-tqb3

vulnerability	VCID-cg94-7n2h-7fac

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-djda-aqxt-s3e9

vulnerability	VCID-ek3f-9qnu-27gv

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hdx2-k9s5-zqff

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-mkkw-kxbq-7yhg

vulnerability	VCID-prsa-264j-mfah

vulnerability	VCID-vgbc-v44r-vugq

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.4.0.Final

url	pkg:maven/org.keycloak/keycloak-core@2.4.0
purl	pkg:maven/org.keycloak/keycloak-core@2.4.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.4.0

aliases CVE-2016-8629, GHSA-778x-2mqv-w6xw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8yn-1j1n-gbhu

url VCID-vgbc-v44r-vugq

vulnerability_id VCID-vgbc-v44r-vugq

summary

Weak Password Recovery Mechanism for Forgotten Password
It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12161.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12161.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12161

reference_id

reference_type

scores

value	0.00279
scoring_system	epss
scoring_elements	0.51497
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12161

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1484564

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1484564

reference_url

https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12161

reference_id

CVE-2017-12161

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12161

reference_url

https://github.com/advisories/GHSA-959q-32g8-vvp7

reference_id

GHSA-959q-32g8-vvp7

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-959q-32g8-vvp7

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@3.4.2.Final

purl pkg:maven/org.keycloak/keycloak-core@3.4.2.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-13dn-ke8h-67ez

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-2qmw-afpp-7qa8

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-5zh6-37gp-pbas

vulnerability	VCID-9719-srgk-33dh

vulnerability	VCID-9kte-cfz7-hqa3

vulnerability	VCID-cg94-7n2h-7fac

vulnerability	VCID-cwqj-tnbj-3ubh

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-djda-aqxt-s3e9

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-h539-621j-d7bn

vulnerability	VCID-hdx2-k9s5-zqff

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-prsa-264j-mfah

vulnerability	VCID-wgzd-wv2e-pyhy

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-wuh8-4akm-2uae

vulnerability	VCID-y9de-4w6u-abfa

vulnerability	VCID-zfgf-9455-d3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@3.4.2.Final

url	pkg:maven/org.keycloak/keycloak-core@3.4.2
purl	pkg:maven/org.keycloak/keycloak-core@3.4.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@3.4.2

aliases CVE-2017-12161, GHSA-959q-32g8-vvp7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgbc-v44r-vugq

url VCID-wgzd-wv2e-pyhy

vulnerability_id VCID-wgzd-wv2e-pyhy

summary

Improper Restriction of Rendered UI Layers or Frames
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1728

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.3248
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1728

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728

reference_url

https://issues.redhat.com/browse/KEYCLOAK-12264

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/KEYCLOAK-12264

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1800585
reference_id	1800585
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1800585

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1728

reference_id

CVE-2020-1728

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1728

reference_url	https://access.redhat.com/errata/RHSA-2020:3495
reference_id	RHSA-2020:3495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3495

reference_url	https://access.redhat.com/errata/RHSA-2020:3496
reference_id	RHSA-2020:3496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3496

reference_url	https://access.redhat.com/errata/RHSA-2020:3497
reference_id	RHSA-2020:3497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3497

reference_url	https://access.redhat.com/errata/RHSA-2020:3501
reference_id	RHSA-2020:3501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3501

reference_url	https://access.redhat.com/errata/RHSA-2020:3539
reference_id	RHSA-2020:3539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3539

reference_url	https://access.redhat.com/errata/RHSA-2020:4213
reference_id	RHSA-2020:4213
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4213

reference_url	https://access.redhat.com/errata/RHSA-2020:4252
reference_id	RHSA-2020:4252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4252

fixed_packages

url pkg:maven/org.keycloak/keycloak-core@10.0.0

purl pkg:maven/org.keycloak/keycloak-core@10.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ba6-j1fs-2kfc

vulnerability	VCID-3kg4-uvgq-5khf

vulnerability	VCID-6gee-p7fr-1yhy

vulnerability	VCID-dc8s-fqv5-1uhk

vulnerability	VCID-gr2e-ntp4-9fdg

vulnerability	VCID-hjue-s41w-bye9

vulnerability	VCID-wt2c-cyu2-kbgm

vulnerability	VCID-y9de-4w6u-abfa

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@10.0.0

aliases CVE-2020-1728, GHSA-3gg7-9q2x-79fc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgzd-wv2e-pyhy

url VCID-wt2c-cyu2-kbgm

vulnerability_id VCID-wt2c-cyu2-kbgm

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-27838

reference_id

reference_type

scores

value	0.85144
scoring_system	epss
scoring_elements	0.99371
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-27838

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1906797

reference_url

https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c

reference_url

https://github.com/keycloak/keycloak/pull/7790

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/7790

reference_url	https://security.archlinux.org/ASA-202105-6
reference_id	ASA-202105-6
reference_type
scores
url	https://security.archlinux.org/ASA-202105-6

reference_url

reference_id

AVG-1926

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url