{"url":"http://public2.vulnerablecode.io/api/packages/244174?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@1.0-final","type":"maven","namespace":"org.keycloak","name":"keycloak-services","version":"1.0-final","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"26.6.3","latest_non_vulnerable_version":"26.6.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63842?format=json","vulnerability_id":"VCID-12yb-w8kt-jyg3","summary":"keycloak: Keycloak: Denial of Service via excessive processing of OpenID Connect scope parameters","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4634","reference_i
d":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4634"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4634","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07056","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4634"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47716","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47716"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4634","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4634"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450250","reference_id":"2450250","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450250"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-h4wv-g838-66g3","reference_id":"GHSA-h4wv-g838-66g3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h4wv-g838-66g3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T
/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4634","GHSA-h4wv-g838-66g3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12yb-w8kt-jyg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52586?format=json","vulnerability_id":"VCID-13dn-ke8h-67ez","summary":"Insufficient Session Expiration\nA flaw was found in Keycloak. 
This flaw allows a malicious user that is currently logged-in, to see the personal information of a previously logged-out user in the account manager section.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1724","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33277","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33175","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1724"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800527","reference_id":"1800527","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800527"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1724","reference_id":"CVE-2020-1724","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_el
ements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76955?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{
"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{
"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2"}],"aliases":["CVE-2020-1724","GHSA-8xj2-47xw-q78c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13dn-ke8h-67ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50443?format=json","vulnerability_id":"VCID-1fwh-a287-5qgt","summary":"Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass\nA flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. 
This can lead to weakened authentication integrity and unauthorized authenticator registration.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21370","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21371","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22088","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/er
rata/RHSA-2025:22089"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12150","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02665","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12150"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406192","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406192"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339"},{"reference_url":"https://github.com/keycloak/keycloak/issues/35110","reference_id":"","reference_ty
pe":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/35110"},{"reference_url":"https://github.com/keycloak/keycloak/issues/43723","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://github.com/keycloak/keycloak/issues/43723"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-12150","reference_id":"CVE-2025-12150","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12150"},{"reference_url":"https://nvd.nist
.gov/vuln/detail/CVE-2025-12150","reference_id":"CVE-2025-12150","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12150"},{"reference_url":"https://github.com/advisories/GHSA-7g5x-9c4v-4w5r","reference_id":"GHSA-7g5x-9c4v-4w5r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g5x-9c4v-4w5r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74340?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4"}],"aliases":["CVE-2025-12150","GHSA-7g5x-9c4v-4w5r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fwh-a287-5qgt"},{"url":"http://public2.vulnerablecode.io/api/
vulnerabilities/57630?format=json","vulnerability_id":"VCID-1u7p-4qg4-yqbv","summary":"Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11986","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:11986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11987","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:11987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scorin
g_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/40446","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/40446"},{"reference_url":"https://github.com/keycloak/keycloak/pull/40520","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/40520"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0","reference_id":""
,"reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7365","reference_id":"CVE-2025-7365","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-7365"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365","reference_id":"CVE-2025-7365","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365"},{"reference_url":"https://github.com/advisories/GHSA-gj52-35xm-gxjh","reference_id":"GHSA-gj52-35xm-gxjh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gj52-35xm-gxjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70545?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},
{"vulnerability":"VCID-pgjk-vhx6-yqbt"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["GHSA-gj52-35xm-gxjh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1u7p-4qg4-yqbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52727?format=json","vulnerability_id":"VCID-2jpt-zuv4-mybb","summary":"Improper Input Validation\nA vulnerability was found in Keycloak where every Authorization URL that points to an IDP server lacks proper input validation. 
This flaw allows a malicious actor to craft deep links that introduce further attack scenarios on affected clients.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1727.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1727.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1727","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39865","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3995","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1727"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1727","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1727"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800573","reference_id":"1800573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800573"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1727","reference_id":"CVE-2020-1727","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5625","reference_id":"RHSA-2020:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5625"}],"fixed_
packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76955?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulner
ability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2"}],"aliases":["CVE-2020-1727"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jpt-zuv4-mybb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47508?format=json","vulnerability_id":"VCID-2kyy-pzzx-n7gr","summary":"Keycloak vulnerable to 
impersonation via logout token exchange\nKeycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0657.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0657","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1727","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17192","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0657"},{"refer
ence_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2166728","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2166728"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-0657","reference_id":"CVE-2023-0657","reference_type":"","scores
":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-0657"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0657","reference_id":"CVE-2023-0657","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0657"},{"reference_url":"https://github.com/advisories/GHSA-7fpj-9hr8-28vh","reference_id":"GHSA-7fpj-9hr8-28vh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7fpj-9hr8-28vh"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh","reference_id":"GHSA-7fpj-9hr8-28vh","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69809?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/69810?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{
"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":[
"CVE-2023-0657","GHSA-7fpj-9hr8-28vh"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2kyy-pzzx-n7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48151?format=json","vulnerability_id":"VCID-2xg4-ad4r-4kce","summary":"Keycloak vulnerable to session takeovers due to reuse of session identifiers\nA flaw was found in Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21370","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21371","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21371"},{"reference_url":"https://access.red
hat.com/errata/RHSA-2025:22088","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22089"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12390","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04487","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12390"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406793","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406793"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a"},{"reference_url":"https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012
953fe963a493d"},{"reference_url":"https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80"},{"reference_url":"https://github.com/keycloak/keycloak/discussions/31265","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/discussions/31265"},{"reference_url":"https://github.com/keycloak/keycloak/issues/32197","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/32197"},{"reference_url":"https://github.com/keycloak/keycloak/issues/43853","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://github.com/keycloak/keycloak/issues/43853"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"
","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-12390","reference_id":"CVE-2025-12390","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12390"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12390","reference_id":"CVE-2025-12390","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12390"},{"reference_url":"https://github.com/advisories/GHSA-rg35-5v25-mqvp","reference_id":"GHSA-rg35-5v25-mqvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg35-5v25-mqvp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71152?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8k
t-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0"}],"aliases":["CVE-2025-12390","GHSA-rg35-5v25-mqvp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xg4-ad4r-4kce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47518?format=json","vulnerability_id":"VCID-2xvq-t8jp-zfbj","summary":"Keycloak Cross-site Scripting (XSS) via assertion consumer 
service URL in SAML POST-binding flow\nKeycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:).\n\nAllowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1353","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T
:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2945","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4057","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:4057"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6717.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6717.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6717","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textua
l","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6717"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6717","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27727","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6717"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253952","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253952"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12","reference_id":"cpe:/a:redhat:amq_broker:7.12","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"htt
ps://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbos
s_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","referenc
e_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_gitops:1","reference_id":"cpe:/a:redhat:openshift_gitops:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_gitops:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8","reference_id":"cpe:/a:redhat:openshift_serverless:1.33::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2","reference_id":"cpe:/a:redhat:quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2"},
{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3","reference_id":"cpe:/a:redhat:quarkus:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1","reference_id":"cpe:/a:redhat:rhdh:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2","reference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6717","reference_id":"CVE-2023-6717","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6717"},{"reference_url":"https://github.com/advisories/GHSA-8rmm-gm28-pj8q","reference_id":"GHSA-8rmm-gm28-pj8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8rmm-gm28-pj8q"},{"reference_url":"https://g
ithub.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q","reference_id":"GHSA-8rmm-gm28-pj8q","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69809?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/69810?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"V
CID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-6717","GHSA-8rmm-gm28-pj8q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xvq-t8jp-zfbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55873?format=json","vulnerability_id":"VCID-36v6-qmgy-j3cv","summary":"Duplicate Advisory: Keycloak Open Redirect vulnerability\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-w8gr-xwp4-r9f7. This link is maintained to preserve external references.\n\n# Original Description\nA misconfiguration flaw was found in Keycloak. 
This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10385","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10386","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6878","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6879","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_sys
tem":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6880","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6882","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6886","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6887","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/U
I:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6888","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6889","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6890","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8823","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_sys
tem":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:8823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8824","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:8824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8826","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:8826"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312511","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312511"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://githu
b.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-8883","reference_id":"CVE-2024-8883","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-8883"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883","reference_id":"CVE-2024-8883","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/V
C:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883"},{"reference_url":"https://github.com/advisories/GHSA-vvf8-2h68-9475","reference_id":"GHSA-vvf8-2h68-9475","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvf8-2h68-9475"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82731?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerabi
lity":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6"}],"aliases":["GHSA-vvf8-2h68-9475"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36v6-qmgy-j3cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48116?format=json","vulnerability_id":"VCID-3adr-h63v-c3eg","summary":"Keycloak does not invalidate offline sessions when the offline_access scope is removed\nA flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they 
are.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21370","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21371","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22088","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22089"},{"reference_url":"https://access.redhat.com/hydr
a/rest/securitydata/cve/CVE-2025-12110.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12110","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19292","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12110"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406033","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406033"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b"},{"reference_url":"https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7","reference_id":"","reference_type":"","scores":[{"va
lue":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7"},{"reference_url":"https://github.com/keycloak/keycloak/pull/43790","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://github.com/keycloak/keycloak/pull/43790"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-12110","reference_id":"CVE-2025-12110","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12110"},{"referen
ce_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12110","reference_id":"CVE-2025-12110","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12110"},{"reference_url":"https://github.com/advisories/GHSA-895x-rfqp-jh5c","reference_id":"GHSA-895x-rfqp-jh5c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-895x-rfqp-jh5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71065?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mzdb-4zsz-qqhn"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"v
ulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3"}],"aliases":["CVE-2025-12110","GHSA-895x-rfqp-jh5c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3adr-h63v-c3eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53892?format=json","vulnerability_id":"VCID-3kg4-uvgq-5khf","summary":"Server-Side Request Forgery (SSRF)\nA flaw was found in Keycloak, where it is possible to force the server to call out to an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-Side Request Forgery (SSRF) attack.","references":[{"reference_url":"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10770","reference_id":"","reference_type":"","scores":[{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99734","published_at":"2026-06-05T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99735","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10770"},{"reference_url":"https://
bugzilla.redhat.com/show_bug.cgi?id=1846270","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1846270"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2"},{"reference_url":"https://github.com/keycloak/keycloak-documentation/pull/1086","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak-documentation/pull/1086"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7714","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7714"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-14019","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issue
s.redhat.com/browse/KEYCLOAK-14019"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-3426","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-3426"},{"reference_url":"https://security.archlinux.org/AVG-1577","reference_id":"AVG-1577","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1577"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py","reference_id":"CVE-2020-10770","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10770","reference_id":"CVE-2020-10770","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10770"},{"reference_url":"https://github.com/advisories/GHSA-jh7q-5mwf-qvhw","reference_id":"GHSA-jh7q-5mwf-qvhw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh7q-5mwf-qvhw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0318","reference_id":"RHSA-2021:0318","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0318"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0319","reference_id":"RHSA-2021:0319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0320","ref
erence_id":"RHSA-2021:0320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0327","reference_id":"RHSA-2021:0327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0327"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79355?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@12.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerabilit
y":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.2"}],"aliases":["CVE-2020-10770","GHSA-jh7q-5mwf-qvhw"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/V
CID-3kg4-uvgq-5khf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55171?format=json","vulnerability_id":"VCID-4hs9-48uu-8qbf","summary":"Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-69fp-7c8p-crjr. This link is maintained to preserve external references.\n\n## Original Description\nA flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3566","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3567","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3568","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3570","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_syste
m":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3570"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3572","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3573","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3574","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3575","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3576","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:3576"},{"
reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279303","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279303"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4540","reference_id":"CVE-2024-4540","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-4540"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540","reference_id":"CVE-2024-4540","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540"},{"reference_url":"https://github.com/advisories/GHSA-4vrx-8phj-x3mg","reference_id":"GHSA-4vrx-8phj-x3mg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vrx-8phj-x3mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81712?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID
-bebk-k27t-4qgf"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5"}],"aliases":["GHSA-4vrx-8phj-x3mg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hs9-48uu-8qbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55847?format=json","vulnerability_id":"VCID-66zv-ra8w-s3b4","summary":"Keycloak Services has a potential bypass of brute force protection\nIf an attacker launches many login attempts in parallel then the attacker can have more guesses at a password than the brute force protection configuration permits. 
This is due to the brute force check occurring before the brute force protector has locked the user.\n\n**Acknowledgements:**\nSpecial thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6493","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6494","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6495","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28
Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6497","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6499","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6500","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6501","reference_id":"","reference_type":"","scores"
:[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6501"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4629","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63746","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4629"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276761","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276761"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_
elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416"},{"reference_url":"https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200"},{"reference_url":"https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562","referen
ce_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562"},{"reference_url":"https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88"},{"reference_url":"https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameS
earch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_s
ingle_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4629","reference_id":"CVE-2024-4629","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-4629"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629","reference_id":"CVE-2024-4629","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629"},{"reference_url":"https://github.com/advisories/GHSA-gc7q-jgjv-vjr2","reference_id":"GHSA-gc7q-jgjv-vjr2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc7q-jgjv-vjr2"},{"reference_url":"https://github.com/keycloak/keycloak/security/adv
isories/GHSA-gc7q-jgjv-vjr2","reference_id":"GHSA-gc7q-jgjv-vjr2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82578?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w6nc-88yg-dkem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/82579?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w6nc-88yg-dkem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/82681?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"v
ulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.4"}],"aliases":["CVE-2024-4629","GHSA-gc7q-jgjv-vjr2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66zv-ra8w-s3b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57234?format=json","vulnerability_id":"VCID-6dya-2u73-vbee","summary":"Keycloak vulnerable to two factor authentication bypass\nA flaw was found in Keycloak. 
The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3910","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22345","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3910"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L
/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/39349","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://github.com/keycloak/keycloak/issues/39349"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3910","reference_id":"CVE-2025-3910","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3
.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-3910"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910","reference_id":"CVE-2025-3910","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910"},{"reference_url":"https://github.com/advisories/GHSA-5jfq-x6xp-7rw2","reference_id":"GHSA-5jfq-x6xp-7rw2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5jfq-x6xp-7rw2"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2","reference_id":"GHSA-5jfq-x6xp-7rw2","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84985?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerab
ility":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mzdb-4zsz-qqhn"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["CVE-2025-3910","GHSA-5jfq-x6xp-7rw2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dya-2u73-vbee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55355?format=json","vulnerability_id":"VCID-6kbf-zmzu-xbgt","summary":"Keycloak's improper input validation allows using email as username\nKeycloak allows the use of email as a username and doesn't check that an account with this email already exists. That could lead to the inability to reset/login with email for the user. 
This is caused by usernames being evaluated before emails.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3754.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3754.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3754","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3754"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3754","reference_id":"","reference_type":"","scores":[{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.94012","published_at":"2026-06-05T12:55:00Z"},{"value":"0.12319","scoring_system":"epss","scoring_elements":"0.94003","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3754"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999196","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999196"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e","reference_id":"","ref
erence_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3754","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3754"},{"reference_url":"https://github.com/advisories/GHSA-4vc8-pg5c-vg4x","reference_id":"GHSA-4vc8-pg5c-vg4x","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vc8-pg5c-vg4x"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4vc8-pg5c-vg4x","reference_id":"GHSA-4vc8-pg5c-vg4x","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4vc8-pg5c-vg4x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81847?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerabilit
y":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.1"}],"aliases":["CVE-2021-3754","GHSA-4vc8-pg5c-vg4x"],"risk_score":n
ull,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6kbf-zmzu-xbgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5537?format=json","vulnerability_id":"VCID-7662-z35s-9qeq","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3513"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42063","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42137","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7976","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"gene
ric_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439","reference_id":"1953439","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://github.com/advisories/GHSA-xv7h-95r7-595j","reference_id":"GHSA-xv7h-95r7-595j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv7h-95r7-595j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores"
:[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79360?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz
5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0"}],"aliases":["CVE-2021-3513","GHSA-xv7h-95r7-595j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7662-z35s-9qeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63838?format=json","vulnerability_id":"VCID-7uk5-w4qh-8uhq","summary":"keycloak: Keycloak: Information disclosure due to redirect_uri validation 
bypass","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3872","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3872"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3872","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01743","published_at"
:"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3872"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47718","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47718"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3872","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3872"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445988","reference_id":"2445988","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}]
,"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445988"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-cjm2-j6cm-6p6m","reference_id":"GHSA-cjm2-j6cm-6p6m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cjm2-j6cm-6p6m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"}],"fixed_packages":[{"url":"http://p
ublic2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-3872","GHSA-cjm2-j6cm-6p6m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uk5-w4qh-8uhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56257?format=json","vulnerability_id":"VCID-8ekh-fbbj-5yfb","summary":"Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was found in the Keycloak-services package. 
If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10176","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10177","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10178","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:10178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321214","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321
214"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-10270","reference_id":"CVE-2024-10270","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-10270"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270","reference_id":"CVE-2024-10270","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270"},{"reference_url":"https://github.com/advisories/GHSA-j3x3-r585-4qhg","reference_id":"GHSA-j3x3-r585-4qhg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j3x3-r585-4qhg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83338?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/83339?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCI
D-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6"}],"aliases":["GHSA-j3x3-r585-4qhg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ekh-fbbj-5yfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43029?format=json","vulnerability_id":"VCID-9jrc-ayvh-e7dk","summary":"Keycloak is vulnerable to IDN homograph attack\nA flaw was found in Keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then trick an admin into granting extra privileges. 
The highest threat from this vulnerability is to integrity.","references":[{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/ac79fd0c23c6947a04073afc61e30d341498438e","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/ac79fd0c23c6947a04073afc61e30d341498438e"},{"reference_url":"https://github.com/advisories/GHSA-mwm4-5qwr-g9pf","reference_id":"GHSA-mwm4-5qwr-g9pf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwm4-5qwr-g9pf"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf","reference_id":"GHSA-mwm4-5qwr-g9pf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61579?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"v
ulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"v
ulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0"}],"aliases":["GHSA-mwm4-5qwr-g9pf","GMS-2022-1099"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jrc-ayvh-e7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42323?format=json","vulnerability_id":"VCID-9kte-cfz7-hqa3","summary":"Improper Certificate Validation\nA flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1758","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49007","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48946","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1758"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758"},{"r
eference_url":"https://issues.redhat.com/browse/KEYCLOAK-13285","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-13285"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1812514","reference_id":"1812514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1812514"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1758","reference_id":"CVE-2020-1758","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1758"},{"reference_url":"https://github.com/advisories/GHSA-c597-f74m-jgc2","reference_id":"GHSA-c597-f74m-jgc2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c597-f74m-jgc2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io
/api/packages/61244?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"
VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@10.0.0"}],"aliases":["CVE-2020-1758","GHSA-c597-f74m-jgc2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kte-cfz7-hqa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45591?format=json","vulnerability_id":"VCID-asmd-x6cy-dqdt","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site 
Scripting')\nKeycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4361.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4361.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4361","reference_id":"","reference_type":"","scores":[{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.80141","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.80115","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4361"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151618","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:43:33Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151618"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_ur
l":"https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:43:33Z/"}],"url":"https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-3p62-6fjh-3p5h","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-3p62-6fjh-3p5h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4361","reference_id":"CVE-2022-4361","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4361"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65823?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@21.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8q
bf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73
ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2"}],"aliases":["CVE-2022-4361","GHSA-3p62-6fjh-3p5h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-asmd-x6cy-dqdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46052?format=json","vulnerability_id":"VCID-azxv-y5rj-vkg9","summary":"Insufficient Session Expiration\nA flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original 
user.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8961","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8962","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8963","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8964","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8964"},{"reference_url":"https://access.redhat.com/errata/RHSA
-2022:8965","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"","reference_type":"","scores":[{"value":"6.8","
scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45539","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4547","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":
"https://bugzilla.redhat.com/show_bug.cgi?id=2141404"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&qu
ery=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-3916"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916"},{"reference_url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_sy
stem":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67069?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@20.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw
1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@20.0.2"}],"aliases":["CVE-2022-3916","GHSA-97g8-xfvw-q4hg","GMS-2022-8406"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azxv-y5rj-vkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50263?format=json","vulnerability_id":"VCID-bebk-k27t-4qgf","summary":"Keycloak: Missing Check on Disabled Client for Docker Registry Protocol\nA flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. 
This weakens administrative controls and could allow unintended access to container registry resources.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2733","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10007","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2733"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440895","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"
value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440895"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46462","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46462"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"}
,{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2733","reference_id":"CVE-2026-2733","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2733","reference_id":"CVE-2026-2733","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2733"},{"reference_url":"https://github.com/advisor
ies/GHSA-fjf4-6f34-w64q","reference_id":"GHSA-fjf4-6f34-w64q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fjf4-6f34-w64q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112932?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4"}],"aliases":["CVE-2026-2733","GHSA-fjf4-6f34-w64q"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bebk-k27t-4qgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55338?format=json","vulnerability_id":"VCID-bub5-f9wf-57d4","summary":"Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)\nA flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. 
This could lead to an information disclosure vulnerability.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3566","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3567","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3568","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3570","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3570"},{"reference_url":
"https://access.redhat.com/errata/RHSA-2024:3572","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3573","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3574","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3575","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3576","reference_id":"","reference_type":"","sco
res":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3576"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4540.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4540.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4540","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4540"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279303","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279303"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cv
ssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4540","reference_id":"CVE-2024-4540","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-4540"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540","reference_id":"CVE-2024-4540","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/det
ail/CVE-2024-4540"},{"reference_url":"https://github.com/advisories/GHSA-69fp-7c8p-crjr","reference_id":"GHSA-69fp-7c8p-crjr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69fp-7c8p-crjr"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr","reference_id":"GHSA-69fp-7c8p-crjr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81712?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnera
bility":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5"}],"aliases":["CVE-2024-4540","GHSA-69fp-7c8p-crjr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bub5-f9wf-57d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44782?format=json","vulnerability_id":"VCID-ch1b-adh9-skah","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak in the execute-actions-email endpoint. 
This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1274","reference_id":"","reference_type":"","scores":[{"value":"0.00993","scoring_system":"epss","scoring_elements":"0.77283","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00993","scoring_system":"epss","scoring_elements":"0.77252","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1274"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073157","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073157"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/co
mmit/fc3c61235fa30132123c17ed8702ff7b3a672fe9"},{"reference_url":"https://github.com/keycloak/keycloak/pull/16764","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/16764"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2021-0033","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://herolab.usd.de/security-advisories/usd-2021-0033"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1274","reference_id":"CVE-2022-1274","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1274"},{"reference_url":"https://github.com/advisories/GHSA-m4fv-gm5m-4725","reference_id":"GHSA-m4fv-gm5m-4725","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m4fv-gm5m-4725"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725","reference_id":"GHSA-m4fv-gm5m-4725","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64454?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@20.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vu
lnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vu
lnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@20.0.5"}],"aliases":["CVE-2022-1274","GHSA-m4fv-gm5m-4725","GMS-2023-528"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ch1b-adh9-skah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56014?format=json","vulnerability_id":"VCID-cs4b-u9hn-9ugy","summary":"Duplicate\nThis advisory duplicates 
another.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6493","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6494","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6495","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6497","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6499","
reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6500","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6501","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6502","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6503","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","s
coring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6503"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7341","reference_id":"","reference_type":"","scores":[{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.849","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7341"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302064","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302064"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/U
I:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/s
earch/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_
url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-7341","reference_id":"CVE-2024-7341","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-7341"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7341","reference_id":"CVE-2024-7341","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7341"},{"reference_url":"https://github.com/advisories/GHSA-5rxp-2rhr-qwqv","reference_id":"GHSA-5rxp-2rhr-qwqv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5rxp-2rhr-qwqv"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv","reference_id":"GHSA-5rxp-2rhr-qwqv","reference_type":"","sco
res":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv"},{"reference_url":"https://github.com/advisories/GHSA-j76j-rqwj-jmvv","reference_id":"GHSA-j76j-rqwj-jmvv","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://github.com/advisories/GHSA-j76j-rqwj-jmvv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82578?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w6nc-88yg-dkem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/82579?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w6nc-88yg-dkem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/82577?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"
vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.5"}],"aliases":["CVE-2024-7341","GHSA-5rxp-2rhr-qwqv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs4b-u9hn-9ugy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53801?format=json","vulnerability_id":"VCID-dc8s-fqv5-1uhk","summary":"Improper Privilege Management\nIt was found that Keycloak would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to 
have.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14389","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3499","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35086","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14389"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875843","reference_id":"1875843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875843"},{"reference_url":"https://access.redhat.com/security/cve/cve-2020-14389","reference_id":"CVE-2020-14389","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2020-14389"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14389","reference_id":"CVE-2020-14389","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4929","reference_id":"RHSA-2020:4929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4930","reference_id":"RHSA-2020:4930","reference
_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4932","reference_id":"RHSA-2020:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60271?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-g
hak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-pu4g-rbu2-nbdb"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:m
aven/org.keycloak/keycloak-services@12.0.0"}],"aliases":["CVE-2020-14389","GHSA-c9x9-xv66-xp3v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dc8s-fqv5-1uhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49799?format=json","vulnerability_id":"VCID-dckx-y9zp-d7fy","summary":"Keycloak Admin REST API exposes backend schema and rules\nA flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json"},{"reference_url":"https://api.first.org/data/v1/ep
ss?cve=CVE-2025-14083","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01033","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14083"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419086","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419086"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45493","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45493"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-14083","reference_id":"CVE-2025-14083","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L
/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-14083"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14083","reference_id":"CVE-2025-14083","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14083"},{"reference_url":"https://github.com/advisories/GHSA-594w-2fwp-jwrc","reference_id":"GHSA-594w-2fwp-jwrc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-594w-2fwp-jwrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70545?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pgjk-vhx6-yqbt"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"
},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2025-14083","GHSA-594w-2fwp-jwrc"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dckx-y9zp-d7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112241?format=json","vulnerability_id":"VCID-devd-tmch-f3hg","summary":"JBoss Keycloak CSRF Vulnerability\nThe `org.keycloak.services.resources.SocialResource.callback` method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3709","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50944","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51006","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3709"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1154971","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1154971"},{"reference_url":"https://github.com/keycloak/keycloak/commit/bb132e1aa0b3b3a123883d0b8d0b788337df956d","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value
":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/bb132e1aa0b3b3a123883d0b8d0b788337df956d"},{"reference_url":"https://issues.jboss.org/browse/KEYCLOAK-765","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/KEYCLOAK-765"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3709","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3709"},{"reference_url":"https://web.archive.org/web/20200227141715/http://www.securityfocus.com/bid/101508","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227141715/http://www.securityfocus.com/bid/101508"},{"reference_url":"https://github.com/advisories/GHSA-xr6q-qqx7-553g","reference_id":"GHSA-xr6q-qqx7-553g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xr6q-qqx7-553g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/155506?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@1.0.3.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2jpt-zuv4-mybb"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCI
D-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fh1s-1jqa-3bgp"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCI
D-pq4a-ng5y-xudy"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zdyb-dh4t-5kam"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@1.0.3.Final"}],"aliases":["CVE-2014-3709","GHSA-xr6q-qqx7-553g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-devd-tmch-f3hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57678?format=json","vulnerability_id":"VCID-dgdk-ahqm-9ken","summary":"Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. 
This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381861","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381861"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github
.com/keycloak/keycloak/issues/41137","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/41137"},{"reference_url":"https://github.com/keycloak/keycloak/pull/41168","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/41168"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7784","reference_id":"CVE-2025-7784","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-7784"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7784","reference_id":"CVE-2025-7784","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7784"},{"reference_url":"https://github.com/advisories/GHSA-83j7-mhw9-388w","reference_id":"GHSA-83j7-mhw9-388w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-83j7-mhw9-388w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85981?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t
-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2"}],"aliases":["GHSA-83j7-mhw9-388w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgdk-ahqm-9ken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47514?format=json","vulnerability_id":"VCID-dt1x-6344-fkda","summary":"Keycloak Authorization Bypass vulnerability\nDue to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client, a malicious user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration previously 
unauthorized.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1860","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/err
ata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6544.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6544.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6544","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"gener
ic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6544"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6544","reference_id":"","reference_type":"","scores":[{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.80164","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6544"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253116","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253116"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cp
e:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6544","reference_id":"CVE-2023-6544","reference_
type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6544"},{"reference_url":"https://github.com/advisories/GHSA-46c8-635v-68r2","reference_id":"GHSA-46c8-635v-68r2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46c8-635v-68r2"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2","reference_id":"GHSA-46c8-635v-68r2","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69809?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/69810?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"
VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-6544","GHSA-46c8-635v-68r2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dt1x-6344-fkda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42782?format=json","vulnerability_id":"VCID-dvk9-qsq9-4uc3","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA POST based reflected Cross Site Scripting 
vulnerability has been identified in Keycloak.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20323","reference_id":"","reference_type":"","scores":[{"value":"0.70265","scoring_system":"epss","scoring_elements":"0.987","published_at":"2026-06-04T12:55:00Z"},{"value":"0.70265","scoring_system":"epss","scoring_elements":"0.98701","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20323"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2013577","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2013577"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20323","reference_id":"CVE-2021-20323","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20323"},{"reference_url":"https://github.com/advisories/GHSA-xpgc-j48j-jwv9","reference_id":"GHSA-xpgc-j48j-jwv9","referen
ce_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpgc-j48j-jwv9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0407","reference_id":"RHSA-2022:0407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/564739?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@17.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerabilit
y":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@17.0.0"}],"aliases":["CVE-2021-20323","GHSA-xpgc-j48j-jwv9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvk9-qsq9-4uc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57227?format=json","vulnerability_id":"VCID-dwgd-79t9-d7a1","summary":"Duplicate Advisory: Keycloak hostname verification\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. 
This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8672","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:8672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8690","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:8690"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358834","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzill
a.redhat.com/show_bug.cgi?id=2358834"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3501","reference_id":"CVE-2025-3501","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-3501"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501","reference_id":"CVE-2025-3501","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501"},{"reference_url":"https://github.com/advisories/GHSA-r934-w73g-v4p8","reference_id":"GHSA-r934-w73g-v4p8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r934-w73g-v4p8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84985?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},
{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mzdb-4zsz-qqhn"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["GHSA-r934-w73g-v4p8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dwgd-79t9-d7a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64298?format=json","vulnerability_id":"VCID-exeg-acrj-zkah","summary":"org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint 
manipulation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4874","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4874"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4874","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01265","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4874"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4874","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4874"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451611","reference_id":"2451611","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scor
ing_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451611"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-22rm-wp4x-v5cx","reference_id":"GHSA-22rm-wp4x-v5cx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-22rm-wp4x-v5cx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/ap
i/packages/992314?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sxtm-krnm-kff7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1"}],"aliases":["CVE-2026-4874","GHSA-22rm-wp4x-v5cx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-exeg-acrj-zkah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40136?format=json","vulnerability_id":"VCID-fh1s-1jqa-3bgp","summary":"Improper Certificate Validation\nIt was found that SAML authentication in Keycloak incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3592","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3593","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3595","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3595"},{"reference_url":"https://access.redhat.com/errata
/RHSA-2019:0877","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0877"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10894.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10894.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10894","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17432","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17355","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:
N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599434","reference_id":"1599434","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599434"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10894","reference_id":"CVE-2018-10894","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10894"},{"reference_url":"https://github.com/advisories/GHSA-xvv8-8wh9-9fh2","reference_id":"GHSA-xvv8-8wh9-9fh2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvv8-8wh9-9fh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62685?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@4.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2jpt-zuv4-mybb"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh
-e7dk"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn
-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zdyb-dh4t-5kam"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@4.4.0.Final"}],"aliases":["CVE-2018-10894","GHSA-xvv8-8wh9-9fh2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fh1s-1jqa-3bgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49797?format=json","vulnerability_id":"VCID-fkdm-gq5h-rbg7","summary":"Keycloak does not validate and update refresh token usage atomically\nA flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. 
As a result, Keycloak’s refresh token rotation hardening can be undermined.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1035","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01688","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1035"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430314","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_syst
em":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430314"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45647","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45647"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_se
arch=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1035","reference_id":"CVE-2026-1035","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1035"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1035","reference_id":"CVE-2026-1035","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1035"},{"reference_url":"https://github.com/advisories/GHSA-m2w5-7xhv-w6fh","reference_id":"GHSA-m2w5-7xhv-w6fh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2w5-7xhv-w6fh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70545?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerabi
lity":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pgjk-vhx6-yqbt"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2026-1035","GHSA-m2w5-7xhv-w6fh"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fkdm-gq5h-rbg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4953?format=json","vulnerability_id":"VCID-g36a-kpzd-3bdf","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3424","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37121","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3703","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3424"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933320","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933320"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3424","reference_id":"CVE-2021-3424","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_e
lements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3424"},{"reference_url":"https://github.com/advisories/GHSA-pf38-cw3p-22q9","reference_id":"GHSA-pf38-cw3p-22q9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf38-cw3p-22q9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2063","reference_id":"RHSA-2021:2063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2064","reference_id":"RHSA-2021:2064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2065","reference_id":"RHSA-2021:2065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2070","reference_id":"RHSA-2021:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2070"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61579?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5
-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://pub
lic2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0"}],"aliases":["CVE-2021-3424","GHSA-pf38-cw3p-22q9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g36a-kpzd-3bdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47516?format=json","vulnerability_id":"VCID-ghak-3963-juhk","summary":"Keycloak path traversal vulnerability in the redirect validation\nAn issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2419.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2419","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.214","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2419"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269371","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","
scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269371"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2419","reference_id":"CVE-2024-2419","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2419"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2419","reference_id":"CVE-2024-2419","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2419"},{"reference_url":"https://github.com/advisories/GHSA-mrv8-pqfj-7gp5","reference_id":"GHSA-mrv8-pqfj-7gp5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advi
sories/GHSA-mrv8-pqfj-7gp5"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5","reference_id":"GHSA-mrv8-pqfj-7gp5","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69809?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/69810?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerabi
lity":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2024-2419","GHSA-mrv8-pqfj-7gp5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghak-3963-juhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4955?format=json","vulnerability_id":"VCID-gr2e-ntp4-9fdg","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29814","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29746","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-16550","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-16550"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725","reference_id":"CVE-2020-1725","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"gene
ric_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725"},{"reference_url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm","reference_id":"GHSA-p225-pc2x-4jpm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79360?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3d
r"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0"}],"aliases":["CVE-2020-1725","GHSA-p225-pc2x-4jpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2e-ntp4-9fdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50877?format=json","vulnerability_id":"VCID-gv5e-6w51-uydc","summary":"Keycloak: Improper Access 
Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API\nA flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3429","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04232","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3429"}
,{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443771","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443771"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47069","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47069"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.g
ov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3429","reference_id":"CVE-2026-3429","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3429"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3429","reference_id":"CVE-2026-3429","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3429"},{"reference_url":"https://github.com/advisories/GHSA-8g9r-9wjw-37j4","r
eference_id":"GHSA-8g9r-9wjw-37j4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8g9r-9wjw-37j4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-3429","GHSA-8g9r-9wjw-37j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gv5e-6w51-uydc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63606?format=json","vulnerability_id":"VCID-gyv4-k3na-eyhu","summary":"keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp 
claim","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-37977","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-37977"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37977","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00893","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37977"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37977","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37977"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455324","reference_id":"2455324","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scor
ing_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455324"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-5v8v-xvjv-57x7","reference_id":"GHSA-5v8v-xvjv-57x7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5v8v-xvjv-57x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112858?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0"}],"aliases":["CVE-2026-37977","GHSA-5v8v-xvjv-57x7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyv4-k3na-eyhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5541?format=json","vulnerability_id":"VCID-hjue-s41w-bye9","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14302","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35824","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3592","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14302"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849584","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849584"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14302","reference_id":"CVE-2020-14302","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0967","reference_id":"RHSA-2021:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0968","reference_id":"RHSA-2021:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0969","reference_id":
"RHSA-2021:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0974","reference_id":"RHSA-2021:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0974"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79360?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jh
zk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0"}],"aliases":["CVE-2020-14302"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjue-s41w-bye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42286?format=json","vulnerability_id":"VCID-hr92-2apu-abg5","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nA vulnerability was found in keycloak, 
where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14366","reference_id":"","reference_type":"","scores":[{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.60031","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59983","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869764","reference_id":"1869764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869764"},{"reference_url":"https://security.archlinux.org/AVG-1471","reference_id":"AVG-1471","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1471"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14366","reference_id":"CVE-2020-14366","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/A
C:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14366"},{"reference_url":"https://github.com/advisories/GHSA-cp67-8w3w-6h9c","reference_id":"GHSA-cp67-8w3w-6h9c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cp67-8w3w-6h9c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60271?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCI
D-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-pu4g-rbu2-nbdb"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCI
D-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0"}],"aliases":["CVE-2020-14366","GHSA-cp67-8w3w-6h9c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hr92-2apu-abg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47162?format=json","vulnerability_id":"VCID-hxup-rgnc-mqbp","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1722.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1722.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1722","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41974","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1722"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265389","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:52:47Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265389"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}
],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e"},{"reference_url":"https://github.com/keycloak/keycloak/issues/29603","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/29603"},{"reference_url":"https://github.com/keycloak/keycloak/issues/29603#issuecomment-2127499627","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/29603#issuecomment-2127499627"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/
CVE-2024-1722","reference_id":"CVE-2024-1722","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:52:47Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1722"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1722","reference_id":"CVE-2024-1722","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1722"},{"reference_url":"https://github.com/advisories/GHSA-3hrr-xwvg-hxvr","reference_id":"GHSA-3hrr-xwvg-hxvr","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3hrr-xwvg-hxvr"},{"reference_url":"https://github.com/advisories/GHSA-cq42-vhv7-xr7p","reference_id":"GHSA-cq42-vhv7-xr7p","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cq42-vhv7-xr7p"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cq42-vhv7-xr7p","reference_id":"GHSA-cq42-vhv7-xr7p","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cq42-vhv7-xr7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81836?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.0","is_vulner
able":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"
},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.0"}],"aliases":["CVE-2024-1722","GHSA-3hrr-xwvg-hxvr","GHSA-cq42-vhv7-xr7p"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxup-rgnc-mqbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55344?format=json","vulnerability_id":"VCID-hzvd-ugxf-9fcd","summary":"Keycloak's admin API allows low privilege users to use administrative functions\nUsers with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.\n\n**Acknowledgements:**\nSpecial thanks to Maurizio Agazzini for reporting this issue and helping us improve our 
project.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3572","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3575","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3575"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3656.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3656.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3656","reference_id":"","reference_type":"","scores":[{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.99582","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3656"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274403","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:
T/2024-10-09T19:18:03Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274403"},{"reference_url":"https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1"},{"reference_url":"https://news.ycombinator.com/item?id=42136000","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://news.ycombinator.com/item?id=42136000"},{"reference_url":"https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.humanativaspa.it/an-analysis-of-
the-keycloak-authentication-system"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-3656","reference_id":"CVE-2024-3656","reference_type":"","scores":[{"value":"8.1","s
coring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-3656"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3656","reference_id":"CVE-2024-3656","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3656"},{"reference_url":"https://github.com/advisories/GHSA-2cww-fgmg-4jqc","reference_id":"GHSA-2cww-fgmg-4jqc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://github.com/advisories/GHSA-2cww-fgmg-4jqc"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc","reference_id":"GHSA-2cww-fgmg-4jqc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81712?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulne
rability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5"}],"aliases":["CVE-2024-3656","GHSA-2cww-fgmg-4jqc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabiliti
es/VCID-hzvd-ugxf-9fcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63840?format=json","vulnerability_id":"VCID-j8hz-kys5-z3dr","summary":"keycloak: Keycloak: Replay of action tokens via improper handling of single-use entries","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4325","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://acc
ess.redhat.com/security/cve/CVE-2026-4325"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4325","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12423","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4325"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47715","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47715"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4325","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4325"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448351","reference_id":"2448351","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3
.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448351"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-rx66-hj7g-28h7","reference_id":"GHSA-rx66-hj7g-28h7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rx66-hj7g-28h7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODE
RATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4325","GHSA-rx66-hj7g-28h7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8hz-kys5-z3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43016?format=json","vulnerability_id":"VCID-jfsk-9epz-t7a8","summary":"Duplicate\nThis advisory duplicates 
another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1245.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1245","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62573","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62528","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1245"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/76d83f46fad94ebcbedaa49e6daad458e2894e52"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1245","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1245"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2071036","reference_id":"2071036","reference_
type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2071036"},{"reference_url":"https://github.com/advisories/GHSA-75p6-52g3-rqc8","reference_id":"GHSA-75p6-52g3-rqc8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75p6-52g3-rqc8"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8","reference_id":"GHSA-75p6-52g3-rqc8","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1709","reference_id":"RHSA-2022:1709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1711","reference_id":"RHSA-2022:1711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1712","reference_id":"RHSA-2022:1712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1713","reference_id":"RHSA-2022:1713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61579?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-
2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-
vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0"}],"aliases":["CVE-2022-1245","GHSA-75p6-52g3-rqc8","GMS-2022-1039"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jfsk-9epz-t7a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56674?format=json","vulnerability_id":"VCID-jhzk-d1en-gkhj","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2544","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2545","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2545"},{"reference_url":"ht
tps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1391.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1391.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1391","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25518","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1391"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346082","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346082"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5aa2b4c75bb474303ab807017582bc01a9f7e378","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5aa2b4c75bb474303ab807017582bc01a9f7e378"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-gvgg-2r3r-53x7","reference_id":"","reference_type":""
,"scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-gvgg-2r3r-53x7"},{"reference_url":"https://github.com/keycloak/keycloak/issues/37169","reference_id":"37169","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/"}],"url":"https://github.com/keycloak/keycloak/issues/37169"},{"reference_url":"https://github.com/keycloak/keycloak/pull/37235","reference_id":"37235","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/"}],"url":"https://github.com/keycloak/keycloak/pull/37235"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-1391","reference_id":"CVE-2025-1391","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elemen
ts":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T17:17:45Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-1391"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1391","reference_id":"CVE-2025-1391","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1391"},{"reference_url":"https://github.com/advisories/GHSA-rq4w-cjrr-h8w8","reference_id":"GHSA-rq4w-cjrr-h8w8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rq4w-cjrr-h8w8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/130538?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/84144?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCI
D-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/130537?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnera
bility":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.3"}],"aliases":["CVE-2025-1391","GHSA-gvgg-2r3r-53x7","GHSA-rq4w-cjrr-h8w8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhzk-d1en-gkhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5539?format=json","vulnerability_id":"VCID-jm25-gtrc-zuhh","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20202","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14449","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14519","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20202"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922128","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922128"},{"refere
nce_url":"https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-17000","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-17000"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20202","reference_id":"CVE-2021-20202","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20202"},{"reference_url":"https://github.com/advisories/GHSA-6xp6-fmc8-pmmr","reference_id":"GHSA-6xp6-fmc8-pmmr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xp6-fmc8-pmmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79360?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@13.0.0","is_vulnerable"
:true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"v
ulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0"}],"aliases":["CVE-2021-20202","GHSA-6xp6-fmc8-pmmr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jm25-gtrc-zuhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47796?format=json","vulnerability_id":"VCID-jpky-uz5r-gbc8","summary":"Keycloak SMTP Inject Vulnerability\nSpecial characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very short emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. 
However, this action could be a precursor for more sophisticated attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15336","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15337","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15338","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15339","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/erra
ta/RHSA-2025:15339"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8419","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28696","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8419"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0","reference_id":"cpe:/a:redhat:build_keycloak:26.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_k
eycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2","reference_id":"cpe:/a:redhat:build_keycloak:26.2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-8419"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419"},{"reference_url":"https://github.com/advisories/GHSA-m4j5-5x4r-2xp9","reference_id":"GHSA-m4j5-5x4r-2xp9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m4j5-5x4r-2xp9"},{"reference_url":"https://github.co
m/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9","reference_id":"GHSA-m4j5-5x4r-2xp9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70546?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/70547?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3"}],"aliases":["CVE-2025-8419","GHSA-m4j5-5x4r-2xp9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.
2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jpky-uz5r-gbc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50832?format=json","vulnerability_id":"VCID-jq8s-nkj4-j7h7","summary":"Keycloak: Information disclosure of disabled user attributes via administrative endpoint\nA flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3911","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02028","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE
-2026-3911"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446392","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446392"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46922","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46922"},{"reference_url":"https://github.com/keycloak/keycloak/pull/46923","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/46923"},{"reference_url":"https
://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3911","reference_id":"CVE-2026-3911","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3911"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3911","reference_id":"CVE-2026-3911","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3911"},{"reference_url":"https://github.com/advisories/GHSA-xh32-c9wx-phrp","reference_id":"GHSA-xh32-c9wx-phrp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh32-c9wx-phrp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74838?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-xqks-vfap-aqb
5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3911","GHSA-xh32-c9wx-phrp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jq8s-nkj4-j7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46659?format=json","vulnerability_id":"VCID-k6ct-rgvj-t3an","summary":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nA flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA
-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6134","reference_id":"","reference_type":"","scores":[{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85563","published_at":"2026
-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6134"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249673","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249673"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6134","reference_id":"CVE-2023-6134","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2023-6134"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6134","reference_id":"CVE-2023-6134","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6134"},{"reference_url":"h
ttps://github.com/advisories/GHSA-cvg2-7c3j-g36j","reference_id":"GHSA-cvg2-7c3j-g36j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cvg2-7c3j-g36j"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j","reference_id":"GHSA-cvg2-7c3j-g36j","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68192?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-86yc-ds2u-jba3"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-
j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/135958?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerabi
lity":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3"}],"aliases":["CVE-2023-6134","GHSA-cvg2-7c3j-g36j"],"risk_score
":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ct-rgvj-t3an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47512?format=json","vulnerability_id":"VCID-kbc1-6psh-17d8","summary":"Keycloak path traversal vulnerability in redirection validation\nA flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1860","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/R
HSA-2024:1862","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.
6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2945","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3752","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":
""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3762","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3919","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3989","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3989"},{"
reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1132.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1132.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1132","reference_id":"","reference_type":"","scores":[{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55892","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1132"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262117","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262117"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.10","reference_id":"cpe:/a:redhat:amq_broker:7.10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query
=cpe:/a:redhat:amq_broker:7.10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.11","reference_id":"cpe:/a:redhat:amq_broker:7.11","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.11"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12","reference_id":"cpe:/a:redhat:amq_broker:7.12","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/res
ults?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"refe
rence_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el8","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6.2::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el9","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8","reference_id":"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2","reference_id":"cpe:/a:redhat:quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3","reference_id":"cpe:/a:redhat:quarkus:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe
:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2","reference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query
=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1132","reference_id":"CVE-2024-1132","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1132"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1132","reference_id":"CVE-2024-1132","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1132"},{"reference_url":"https://github.com/advisories/GHSA-72vp-xfrc-42xm","reference_id":"GHSA-72vp-xfrc-42xm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72vp-xfrc-42xm"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm","reference_id":"GHSA-72vp-xfrc-42xm","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keyc
loak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69809?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/69810?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulner
ability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2024-1132","GHSA-72vp-xfrc-42xm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbc1-6psh-17d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45526?format=json","vulnerability_id":"VCID-kf26-bvty-a3g9","summary":"Client Spoofing within the Keycloak Device Authorisation Grant\nUnder certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a device_code to retrieve an access token for other OAuth 
clients.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3883","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:3883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3884","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:3884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3885","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:3885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3888","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:3888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3892","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:3892"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elemen
ts":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2585.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-2585","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2023-2585"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2585","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29453","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2585"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/04e6244c387a1bde86184635a0049537611e3915"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2585","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2585"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196335","reference_id":"
2196335","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196335"},{"reference_url":"https://github.com/advisories/GHSA-f5h4-wmp5-xhg6","reference_id":"GHSA-f5h4-wmp5-xhg6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f5h4-wmp5-xhg6"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6","reference_id":"GHSA-f5h4-wmp5-xhg6","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-f5h4-wmp5-xhg6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65823?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@21.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vul
nerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2"}],"aliases":["CVE-2023-2585","GHSA-f5h4-wmp5-xhg6"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kf26-bvty-a3g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50704?format=json","vulnerability_id":"VCID-kmna-8rms-2bez","summary":"
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator\nA security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3009","reference_id":"","reference_type":"","scores":[{"value":"0.00037
","scoring_system":"epss","scoring_elements":"0.11455","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3009"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441867","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441867"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46911","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46911"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.5.5","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.5.5"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3009","reference_id":"CVE-2026-3009","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/
M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3009","reference_id":"CVE-2026-3009","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3009"},{"reference_url":"https://github.com/advisories/GHSA-m297-3jv9-m927","reference_id":"GHSA-m297-3jv9-m927","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m297-3jv9-m927"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74475?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5"}],"aliases":["CVE-2026-3009","GHSA-m297-3jv9-m927"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmna-8rms-2bez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46510?format=json","vulnerability_id":"VCID-m24y-x4sk-2yd6","summary":"Keycloak vulnerable to LDAP Injection on UsernameForm Login\nA 
flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2232.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2232","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29553","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29485","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2232"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4252e394cf725b16f7e4e19aa32b03fd3fe13fde"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2096994","reference_id":"2096994","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2096994"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","
reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-2232","reference_id":"CVE-2022-2232","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-14T17:06:36Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-2232"},{"reference_url":"https://github.com/advisories/GHSA-8hc5-rmgf-qx6p","reference_id":"GHSA-8hc5-rmgf-qx6p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8hc5-rmgf-qx6p"},{"referen
ce_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p","reference_id":"GHSA-8hc5-rmgf-qx6p","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-8hc5-rmgf-qx6p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67966?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vul
nerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.1"}],"aliases":["CVE-2022-2232","GHSA-8hc5-rmgf-qx6p"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m24y-x4sk-2yd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47510?format=json","vulnerability_id":"VCID-mt5g-24m9-tfbg","summary":"Keycloak vulnerable to session hijacking via re-authentication\nA flaw was found in Keycloak. An active keycloak session can be hijacked by initiating a new authentication (having the query parameter prompt=login) and forcing the user to enter his credentials once again. 
If the user cancels this re-authentication by clicking Restart login, the account takeover could take place as the new session, with a different SUB, will have the same SID as the previous session.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6787.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6787.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6787","reference_id":"","reference_type":"","scores":[{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69134","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6787"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254375","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L
/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254375"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6787","reference_id":"CVE-2023-6787","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elemen
ts":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6787"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6787","reference_id":"CVE-2023-6787","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6787"},{"reference_url":"https://github.com/advisories/GHSA-c9h6-v78w-52wj","reference_id":"GHSA-c9h6-v78w-52wj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c9h6-v78w-52wj"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj","reference_id":"GHSA-c9h6-v78w-52wj","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69809?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/69810?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"}
,{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-6787","GHSA-c9h6-v78w-52wj"]
,"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mt5g-24m9-tfbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47503?format=json","vulnerability_id":"VCID-nw1y-zwsy-auff","summary":"Keycloak vulnerable to log Injection during WebAuthn authentication or registration\nA flaw was found in Keycloak 22.0.5. Errors in browser client during setup/auth with \"Security Key login\" (WebAuthn) are written into the form, sent to Keycloak and logged without escaping, allowing log injection.\n\nAcknowledgements:\nSpecial thanks to Theresa Henze for reporting this issue and helping us improve our security.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0798","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0799","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0800","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","s
coring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0801","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0804","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0804"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1860","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T
/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1865","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:
1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6484.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6484.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6484","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6484"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6484","reference_id":"","reference_type":"","scores":[{"value":"0.00596","scoring_system":"epss","scoring_elements":"0.6979","published_at":"20
26-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248423","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248423"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/110f64a8146d0817252f90cf4b5e6a62aa897aff"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/f9049565a9a228faa08138b9269d66d3de6c7e9a"},{"reference_url":"https://github.com/keycloak/keycloak/issues/25078","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I
:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/25078"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"http
s://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6484","reference_id":"CVE-2023-6484","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6484"},{"reference_url":"https://github.com/advisories/GHSA-j628-q885-8gr5","reference_id":"GHSA-j628-q885-8gr5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j628-q885-8gr5"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5","reference_id":"GHSA-j628-q885-8gr5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-j628-q885-8gr5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69805?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.9
","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/69806?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerabili
ty":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.5"}],"aliases":["CVE-2023-6484","GHSA-j628-q885-8gr5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nw1y-zwsy-auff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112079?format=json","vulnerability_id":"VCID-pq4a-ng5y-xudy","summary":"JBoss KeyCloak Open Redirect\nJBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect 
URL.","references":[{"reference_url":"https://access.redhat.com/security/cve/cve-2014-3652","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2014-3652"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3652","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44616","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44547","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3652"},{"reference_url":"https://github.com/keycloak/keycloak/commit/6b2a4229e3b869eec9d4adc30c1afdf71e78cbdf","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/6b2a4229e3b869eec9d4adc30c1afdf71e78cbdf"},{"reference_url":"https://issues.jboss.org/browse/KEYCLOAK-700","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/KEYCLOAK-700"},{"reference_url":"https://nvd.nis
t.gov/vuln/detail/CVE-2014-3652","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3652"},{"reference_url":"https://github.com/advisories/GHSA-5r7w-pjx8-99qg","reference_id":"GHSA-5r7w-pjx8-99qg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5r7w-pjx8-99qg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/154765?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@1.1.0.Beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2jpt-zuv4-mybb"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79
t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fh1s-1jqa-3bgp"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vf
ap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zdyb-dh4t-5kam"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@1.1.0.Beta1"}],"aliases":["CVE-2014-3652","GHSA-5r7w-pjx8-99qg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq4a-ng5y-xudy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65968?format=json","vulnerability_id":"VCID-pq67-ngsq-cbe4","summary":"keycloak: Keycloak: Information Disclosure via improper role enforcement in UMA 2.0 Protection API","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_el
ements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3190"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02142","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3190"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46723","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46723"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scori
ng_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442572","reference_id":"2442572","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442572"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-q35r-vvhv-vx5h","reference_id":"GHSA-q35r-vvhv-vx5h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q35r-vvhv-vx5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74838?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3190","GHSA-q35r-vvhv-vx5h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulner
ablecode.io/vulnerabilities/VCID-pq67-ngsq-cbe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56977?format=json","vulnerability_id":"VCID-pr4d-pmh8-yfeh","summary":"Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache\nA flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json"},{"reference_url":"https://api.first.
org/data/v1/epss?cve=CVE-2025-2559","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07057","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2559"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353868","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353868"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/38576","reference_id":"38576","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://github.com/keycloak/keycloak/issues/38576"},{"reference_url":"https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca","reference_id":"a10c8119d4452b866b90a9019b2cc159919276ca","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2c
c159919276ca"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-2559","reference_id":"CVE-2025-2559","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-2559"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2559","reference_id":"CVE-2025-2559","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2559"},{"reference_url":"https://github.com/advisor
ies/GHSA-2935-2wfm-hhpv","reference_id":"GHSA-2935-2wfm-hhpv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2935-2wfm-hhpv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/811661?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.5"}],"aliases":["CVE-2025-2559","GHSA-2935-2wfm-hhpv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr4d-pmh8-yfeh"},{"url":"http
://public2.vulnerablecode.io/api/vulnerabilities/4952?format=json","vulnerability_id":"VCID-qjhb-ubp5-ukdy","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3632"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6649","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6645","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d3
96004499fbd1e4"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8203","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8203"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-18500","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-18500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196","reference_id":"1978196","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr","reference_id":"GHSA-qpq9-jpv4-6gwr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr"},{"reference_url":"https://access.redhat.com/e
rrata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/504240?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@15.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerabi
lity":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.0"}],"aliases":["CVE-2021-3632","GHSA-qpq9-jpv4-6gwr"],"risk_score":4.0,"exploitability":"0.5","weighted_s
everity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhb-ubp5-ukdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49846?format=json","vulnerability_id":"VCID-s9bw-xmnt-xqbp","summary":"Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods\nA flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"htt
ps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1190","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06785","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430835","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430835"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45646","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45646"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=tru
e&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1190","reference_id":"CVE-2026-1190","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1190"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1190","reference_id":"CVE-2026-1190","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1190"},{"reference_url":"https://github.com/advisories/GHSA-63v5-26vq-m4vm","reference_id":"GHSA-63v5-26vq-m4vm","reference_type":"","scores":[{"v
alue":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-63v5-26vq-m4vm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73948?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3"}],"aliases":["CVE-2026-1190","GHSA-63v5-26vq-m4vm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9bw-xmnt-xqbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65750?format=json","vulnerability_id":"VCID-shsh-c1xa-xbes","summary":"keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML 
assertions","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3925","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3926","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydat
a/cve/CVE-2026-2092.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2092","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2092"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2092","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2822","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2092"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2092","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:
N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437296","reference_id":"2437296","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-wmxr-6j5f-838p","reference_id":"GHSA-wmxr-6j5f-838p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wmxr-6j5f-838p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113549?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/113550?format=json","purl":"pkg:maven/org.keycloak/k
eycloak-services@26.4.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.10"},{"url":"http://public2.vulnerablecode.io/api/packages/74475?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5"}],"aliases":["CVE-2026-2092","GHSA-wmxr-6j5f-838p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shsh-c1xa-xbes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61660?format=json","vulnerability_id":"VCID-sxtm-krnm-kff7","summary":"org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is 
disabled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-7500","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-7500"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7500","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08904","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7500"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/48709","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/48709"},{"reference_url":"https://github.com/keycloak/keycloak/pull/48715","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1
","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/48715"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7500","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7500"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464126","reference_id":"2464126","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464126"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-hm32-hfmw-rhvg","reference_id":"GHSA-hm32-hfmw-rhvg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hm32-hfmw-rhvg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116958?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7fx-dbch-e7fa"},{"vulnerability":"VCID-qqn6-4z7u-4uas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.2"}],"aliases":["CVE-
2026-7500","GHSA-hm32-hfmw-rhvg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxtm-krnm-kff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57741?format=json","vulnerability_id":"VCID-tv3h-kxj7-u7ct","summary":"Keycloak phishing attack via email verification step in first login flow\nThere is a flaw with the first login flow where, during an IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to \"review profile\" information, which allows the attacker to modify their email address to that of a victim's account. This triggers a verification email sent to the victim's email address. If the victim clicks the verification link, the attacker can gain access to the victim's account. While not a zero-interaction attack, the attacker's email address is not directly present in the verification email content, making it a potential phishing opportunity.\n\nThis issue has been fixed in versions 26.0.13, 26.2.6, and 
26.3.0.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11986","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11987","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/
PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7365","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13678","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7365"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycl
oak/keycloak/issues/40446","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://github.com/keycloak/keycloak/issues/40446"},{"reference_url":"https://github.com/keycloak/keycloak/pull/40520","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://github.com/keycloak/keycloak/pull/40520"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.0.13","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.0.13"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.2.6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.2.6"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0","reference_id":"","r
eference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7365","reference_id":"CVE-2025-7365","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-7365"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365","reference_id":"CVE-2025-7365","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365"},{"refer
ence_url":"https://github.com/advisories/GHSA-xhpr-465j-7p9q","reference_id":"GHSA-xhpr-465j-7p9q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xhpr-465j-7p9q"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q","reference_id":"GHSA-xhpr-465j-7p9q","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85929?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/803817?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xq
bp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/85928?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/70545?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pgjk-vhx6-yqbt"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerabi
lity":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2025-7365","GHSA-xhpr-465j-7p9q"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tv3h-kxj7-u7ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66664?format=json","vulnerability_id":"VCID-tvba-94zp-t3hc","summary":"keycloak: org.keycloak/keycloak-services: Keycloak: Privilege escalation via manage-clients permission","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"
}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3121"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01926","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3121"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46719","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues
/46719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3121"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442277","reference_id":"2442277","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442277"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/sea
rch/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-7xf9-4jfc-wgm4","reference_id":"GHSA-7xf9-4jfc-wgm4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7xf9-4jfc-wgm4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74838?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3121","GHSA-7xf9-4jfc-wgm4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvba-94zp-t3hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66856?format=json","vulnerability_id":"VCID-u2fq-9cjc-1kf6","summary":"keycloak: Keycloak: Denial of Service due to excessive SAMLRequest 
decompression","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2575"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.091
59","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2575"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46372","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46372"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440149","reference_id":"2440149","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:
M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440149"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-xv6h-r36f-3gp5","reference_id":"GHSA-xv6h-r36f-3gp5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xv6h-r36f-3gp5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112932?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4"}],"aliases":["CVE-2026-2575","GHSA-xv6h-r36f-3gp5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2fq-9cjc-1kf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45782?format=json","vulnerability_id":"VCID-ugpk-g4qu-x3b5","summary":"Keycloak 
vulnerable to user impersonation via stolen UUID code\nKeycloak's OpenID Connect user authentication was found to incorrectly authenticate requests. An authenticated attacker who could also obtain a certain piece of info from a user request, from a victim within the same realm, could use that data to impersonate the victim and generate new session tokens.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0264.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0264.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-0264","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2023-0264"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0264","reference_id":"","reference_type":"","scores":[{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.88567","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03942","scoring_system":"epss","scoring_elements":"0.8855","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0264"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/ec8109112e67208c13e13f6d1f8706a5a3ba8d4c","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv
3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/ec8109112e67208c13e13f6d1f8706a5a3ba8d4c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0264","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0264"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160585","reference_id":"2160585","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160585"},{"reference_url":"https://github.com/advisories/GHSA-9g98-5mj6-f9mv","reference_id":"GHSA-9g98-5mj6-f9mv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9g98-5mj6-f9mv"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-9g98-5mj6-f9mv","reference_id":"GHSA-9g98-5mj6-f9mv","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-9g98-5mj6-f9mv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66446?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@19.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-
66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-
xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@19.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/137584?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@21.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerabi
lity":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.0.1"}],"aliases":["CVE-2023-0264","GHSA-9g98-5mj6-f9mv","GMS-2023-573"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugpk-g4qu-x3b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65751?format=json","vulnerability_id":"VCID-uxs4-bydz-tbh4","summary":"keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity 
Provider","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3925","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3926","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securityd
ata/cve/CVE-2026-2603.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2603"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45459","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2603"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a"},{"reference_url":"https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"
cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132"},{"reference_url":"https://github.com/keycloak/keycloak/commits/26.5.5","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commits/26.5.5"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46911","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46911"},{"reference_url":"https://github.com/keycloak/keycloak/pull/46932","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/46932"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2603"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440300","reference_id":"2440300","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"valu
e":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440300"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-x4p7-7chp-64hq","reference_id":"GHSA-x4p7-7chp-64hq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x4p7-7chp-64hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74475?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5"}],"aliases":["CVE-2026-2603","GHS
A-x4p7-7chp-64hq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxs4-bydz-tbh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47506?format=json","vulnerability_id":"VCID-uya7-2sk1-6uat","summary":"Keycloak secondary factor bypass in step-up authentication\nKeycloak does not correctly validate its client step-up authentication. A password-authed attacker could use this flaw to register a false second auth factor, alongside the existing one, to a targeted account. The second factor then permits step-up authentication.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVS
S:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3597.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3597.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-3597","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-3597"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3597","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25898","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3597"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221760","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_
system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221760"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&
isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3597","reference_id":"CVE-2023-3597","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3597"},{"reference_url":"https://github.com/advisories/GHSA-4f53-xh3v-g8x4","reference_id":"GHSA-4f53-xh3v-g8x4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f53-xh3v-g8x4"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4","reference_id":"GHSA-4f53-xh3v-g8x4","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69809?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/69810?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},
{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-3597","GHSA-4f53-xh3v-g8x4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uya7-2sk1-6uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63839?format=json","vulner
ability_id":"VCID-v69z-xrfn-q3gu","summary":"keycloak: Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4282","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4282"},{"reference_url":"https://api.first.org/data/v1/ep
ss?cve=CVE-2026-4282","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05644","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4282"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47719","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4282","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448061","reference_id":"2448061","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"gener
ic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448061"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-hj93-h7pg-fh6v","reference_id":"GHSA-hj93-h7pg-fh6v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hj93-h7pg-fh6v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements
":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4282","GHSA-hj93-h7pg-fh6v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v69z-xrfn-q3gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49398?format=json","vulnerability_id":"VCID-vdjk-2v9a-xfdk","summary":"Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions\nA flaw was found in Keycloak Admin REST (Representational State Transfer) API. 
This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14082","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01625","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14082"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419078","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","
scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419078"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-14082","reference_id":"CVE-2025-14082","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-14082"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14082","reference_id":"CVE-2025-14082","reference_type":"","scores":[{"va
lue":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14082"},{"reference_url":"https://github.com/advisories/GHSA-6q37-7866-h27j","reference_id":"GHSA-6q37-7866-h27j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6q37-7866-h27j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72880?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-58n2-w8fu-u3hc"},{"vulnerability":"VCID-7fd4-t5k9-mfc7"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zr12-p5eq-wubj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0"}],"aliases":["CVE-2025-14082","GHSA-6q37-7866-h27j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v
djk-2v9a-xfdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106123?format=json","vulnerability_id":"VCID-vs8q-ywf1-3qa2","summary":"keycloak-services: ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3856","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3856"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3856","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58775","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58728","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3856"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S
:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8588","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8588"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-19422","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-19422"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3856","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3856"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010164","reference_id":"2010164","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010164"},{"reference_url":"https://github.com/advisories/GHSA-3w4v-rvc4-2xpw","reference_id":"GHSA-3w4v-rvc4-2xpw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3w4v-rvc4-2xpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/504240?forma
t=json","purl":"pkg:maven/org.keycloak/keycloak-services@15.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"v
ulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.0"}],"aliases":["CVE-2021-3856","GHSA-3w4v-rvc4-2xpw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vs8q-ywf1-3qa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63604?format=json","vulnerability_id":"VCID-vums-fzus-q7dn","summary":"org.keycloak.forms.login: keycloak: Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login 
page","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-37980","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-37980"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37980","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1572","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37980"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/48049","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/48049"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37980","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.
1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37980"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455325","reference_id":"2455325","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455325"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-m32f-8vh9-2hh3","reference_id":"GHSA-m32f-8vh9-2hh3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m32f-8vh9-2hh3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74838?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-37980","GHSA-m32f-8vh9-2hh3"],"ris
k_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vums-fzus-q7dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56013?format=json","vulnerability_id":"VCID-w6nc-88yg-dkem","summary":"Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect\nA misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10385","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10386","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6878","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"s
svc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6879","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6880","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6882","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6886","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28
:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6887","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6888","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6889","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6890","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6890"},{"referenc
e_url":"https://access.redhat.com/errata/RHSA-2024:8823","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8824","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8826","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8826"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8883","reference_id":"","reference_type":"","scores":[{"value":"0.06592","scoring_system":"epss","scoring_elements":"0.91347","published_at":"2026-06-05T12:55:00Z"}],"url
":"https://api.first.org/data/v1/epss?cve=CVE-2024-8883"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312511","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312511"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:
/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.g
ov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&i
sCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-8883","reference_id":"CVE-2024-8883","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-8883"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883","reference_id":"CVE-2024-8883","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883"},{"reference_url":"https://github.com/advisories/GHSA-w8gr-xwp4-r9f7","reference_id":"GHSA-w8gr-xwp4-r9f7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8gr-xwp4-r9f7"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7","reference_id":"GHSA-w8gr-xwp4-r9f7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://g
ithub.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82947?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/82948?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/82731?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCI
D-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6"}],"aliases":["CVE-2024-8883","GHSA-w8gr-xwp4-r9f7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6nc-88yg-dkem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55771?format=json","vulnerability_id":"VCID-wcb5-wnjf-5uhm","summary":"Duplicate Advisory: Keycloak has a brute force login protection bypass\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-gc7q-jgjv-vjr2. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. 
This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6493","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6494","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6495","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6497","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE
","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6499","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6500","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6501","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6501"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276761","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scorin
g_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276761"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4629","reference_id":"CVE-2024-4629","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-4629"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629","reference_id":"CVE-2024-4629","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629"},{"reference_url":"https://github.com/advisories/GHSA-8wm9-24qg-m5qj","reference_id":"GHSA-8wm9-24qg-m5qj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wm9-24qg-m5qj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82538?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.4","is_vulnerable":true,"affec
ted_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.4"}],"aliases":["GHSA-8wm9-24q
g-m5qj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wcb5-wnjf-5uhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52010?format=json","vulnerability_id":"VCID-wpgy-nvsp-wkdt","summary":"Cross-Site Request Forgery (CSRF)\nJBoss KeyCloak is vulnerable to soft token deletion via CSRF","references":[{"reference_url":"https://access.redhat.com/security/cve/cve-2014-3655","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2014-3655"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3655","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39906","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.3982","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/0b8b31a3ea7d8d7ac8b14a020613fc32aa5e9d9
d","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/0b8b31a3ea7d8d7ac8b14a020613fc32aa5e9d9d"},{"reference_url":"https://github.com/keycloak/keycloak/pull/703","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/703"},{"reference_url":"https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3655.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3655.yaml"},{"reference_url":"https://issues.jboss.org/browse/KEYCLOAK-705","reference_id":"","reference_type":"","scores":[],"url":"https://issues.jboss.org/browse/KEYCLOAK-705"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3655","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3655"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGKEYCL
OAK-30138"},{"reference_url":"https://bugzilla.redhat.com/CVE-2014-3655","reference_id":"CVE-2014-3655","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2014-3655"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76189?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@1.0.2.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2jpt-zuv4-mybb"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-devd-tmch-f3hg"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fh1s-1jqa-3bgp"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulne
rability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq4a-ng5y-xudy"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zdyb-dh4t-5kam"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.
io/packages/pkg:maven/org.keycloak/keycloak-services@1.0.2.Final"}],"aliases":["CVE-2014-3655","GHSA-237q-6hjp-pchq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpgy-nvsp-wkdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5540?format=json","vulnerability_id":"VCID-wt2c-cyu2-kbgm","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27838","reference_id":"","reference_type":"","scores":[{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99373","published_at":"2026-06-05T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99371","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27838"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906797","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906797"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c"},{"reference_url":"https
://github.com/keycloak/keycloak/pull/7790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7790"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27838","reference_id":"CVE-2020-27838","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27838"},{"reference_url":"https://github.com/advisories/GHSA-pcv5-m2wh-66j3","reference_id":"GHSA-pcv5-m2wh-66j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pcv5-m2wh-66j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79360?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulne
rability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulne
rability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0"}],"aliases":["CVE-2020-27838","GHSA-pcv5-m2wh-66j3"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wt2c-cyu2-kbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46136?format=json","vulnerability_id":"VCID-wxaq-rrqq-pyah","summary":"Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients\nWhen a Keycloak server is configured to support mTLS authentication for OAuth/OpenID clients, it does not properly verify the client certificate chain. 
A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3883","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3884","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3885","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3888","reference_id"
:"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3892","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3892"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2422.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2422.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-2422","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://access.redhat.com/security
/cve/CVE-2023-2422"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2422","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55652","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2422"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5c6c55945a384bfd82e51283096204dcb6f63d91","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5c6c55945a384bfd82e51283096204dcb6f63d91"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2422","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2422"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2191668","reference_id":"2191668","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/"}],"url":"https://bugzilla
.redhat.com/show_bug.cgi?id=2191668"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://github.com/advisories/GHSA-3qh5-qqj2-c78f","reference_id":"GHSA-3qh5-qqj2-c
78f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3qh5-qqj2-c78f"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-3qh5-qqj2-c78f","reference_id":"GHSA-3qh5-qqj2-c78f","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-3qh5-qqj2-c78f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65823?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@21.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-n
kj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2"}],"aliases":["CVE-2023-2422","GHSA-3qh5-qqj2-c78f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxaq-rrqq-pyah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46902?format=json","vulnerability_id":"VCID-xbkp-kjgd-fqcx","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nA flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. 
A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"h
ttps://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.3949
1","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSear
ch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSe
arch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"u
rl":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1","reference_id":"cpe:/a:redhat:serverless:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z
/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6291"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291"},{"reference_url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68192?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-86yc-ds2u-jba3"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerabili
ty":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/135958?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@23.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{
"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{
"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3"}],"aliases":["CVE-2023-6291","GHSA-mpwq-j3xf-7m5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkp-kjgd-fqcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57788?format=json","vulnerability_id":"VCID-xbmd-afn2-kfem","summary":"Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. 
However, this action could be a precursor for more sophisticated attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15336","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15337","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15338","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15339","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15339"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type"
:"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-8419"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419"},{"reference_url":"https://github.com/advisories/GHSA-qj5r-2r5p-phc7","reference_id":"GHSA-qj5r-2r5p-phc7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qj5r-2r5p-phc7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70547?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc
"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3"}],"aliases":["GHSA-qj5r-2r5p-phc7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbmd-afn2-kfem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57220?format=json","vulnerability_id":"VCID-xk8n-4az9-zfh3","summary":"Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. 
The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3910","reference_id":"CVE-2025-3910","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-3910"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910","reference_id":"CVE-2025-3910","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https:/
/nvd.nist.gov/vuln/detail/CVE-2025-3910"},{"reference_url":"https://github.com/advisories/GHSA-fx44-2wx5-5fvp","reference_id":"GHSA-fx44-2wx5-5fvp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fx44-2wx5-5fvp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84985?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mzdb-4zsz-qqhn"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["GHSA-fx44-2wx5-5fvp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xk8n-4az9-zfh3"},{"url":"http://public2.v
ulnerablecode.io/api/vulnerabilities/57232?format=json","vulnerability_id":"VCID-xmxb-sg5r-ufbt","summary":"Keycloak hostname verification\nA flaw was found in Keycloak. By setting a verification policy to 'ANY', the trust store certificate verification is skipped, which is unintended.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3501","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26008","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3501"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358834","reference_id":"","reference_type":"","scores":[
{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358834"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272"},{"reference_url":"https://github.com/keycloak/keycloak/issues/39350","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://github.com/keycloak/keycloak/issues/39350"},{"reference_url":"https://github.com/keycloak/keycloak/pull/39366","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/
M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://github.com/keycloak/keycloak/pull/39366"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3501","reference_id":"CVE-2025-3501","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/security/cve
/CVE-2025-3501"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501","reference_id":"CVE-2025-3501","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501"},{"reference_url":"https://github.com/advisories/GHSA-hw58-3793-42gg","reference_id":"GHSA-hw58-3793-42gg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hw58-3793-42gg"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg","reference_id":"GHSA-hw58-3793-42gg","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84985?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-mzdb-4zsz-qqhn"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-
shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["CVE-2025-3501","GHSA-hw58-3793-42gg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmxb-sg5r-ufbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64745?format=json","vulnerability_id":"VCID-xqks-vfap-aqb5","summary":"keycloak: org.keycloak.authorization: Keycloak: Unauthorized resource modification due to improper access 
control","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4628"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0151","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4628"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450240","reference_id":"2450240","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv
3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450240"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-4pgc-gfrr-wcmg","reference_id":"GHSA-4pgc-gfrr-wcmg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4pgc-gfrr-wcmg"}],"fixed_packages":[{"url":"http://public2.vulne
rablecode.io/api/packages/992314?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sxtm-krnm-kff7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1"}],"aliases":["CVE-2026-4628","GHSA-4pgc-gfrr-wcmg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqks-vfap-aqb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63843?format=json","vulnerability_id":"VCID-xymt-c6mk-73ff","summary":"keycloak: Keycloak: UMA policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.r
edhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4636","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4636"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4636","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02167","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4636"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47717","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47717"},{"reference_url":"https://nvd.nis
t.gov/vuln/detail/CVE-2026-4636","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4636"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450251","reference_id":"2450251","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450251"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-f2hx-5fx3-hmcv","reference_id":"GHSA-f2hx-5fx3-hmcv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f2hx-5fx3-hmcv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","
scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4636","GHSA-f2hx-5fx3-hmcv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xymt-c6mk-73ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47509?format=json","vulnerability_id":"VCID-y5qk-qy59-23hn","summary":"Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS\nA potential security flaw in the \"checkLoginIframe\" which allows unvalidated cross-origin messages, enabling potential DDoS attacks. 
By exploiting this vulnerability, attackers could coordinate to send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1860","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scorin
g_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2945","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z
/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4057","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:4057"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1249","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46072","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1249"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262918","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262918"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url"
:"https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26"},{"reference_url":"https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12","reference_id":"cpe:/a:redhat:amq_broker:7.12","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1","reference_id":"cpe:/a:redhat:amq_streams:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","referenc
e_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_ap
plication_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSe
arch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8","reference_id":"cpe:/a:redhat:openshift_serverless:1.33::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat
_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1","reference_id":"cpe:/a:redhat:rhdh:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2","reference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1249","reference_id":"CVE-2024-1249","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1249"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1249","reference_id":"CVE-2024-1249","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"
url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1249"},{"reference_url":"https://github.com/advisories/GHSA-m6q9-p373-g5q8","reference_id":"GHSA-m6q9-p373-g5q8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6q9-p373-g5q8"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8","reference_id":"GHSA-m6q9-p373-g5q8","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69809?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@22.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@22.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/69810?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"}
,{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2024-1249","GHSA-m6q9-p373-g5q8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5qk-qy59-23hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42282?format=json","vulnerability_id":"VCID-y9de-4w6u-abfa","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. 
This flaw allows an attacker to perform a Cross-site scripting attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50801","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50741","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428"},{"reference_url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776","reference_id":"CVE-2020-10776","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-107
76"},{"reference_url":"https://github.com/advisories/GHSA-484q-784p-8m5h","reference_id":"GHSA-484q-784p-8m5h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-484q-784p-8m5h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4929","reference_id":"RHSA-2020:4929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4930","reference_id":"RHSA-2020:4930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4932","reference_id":"RHSA-2020:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60271?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerabil
ity":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-pu4g-rbu2-nbdb"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerabil
ity":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0"}],"aliases":["CVE-2020-10776","GHSA-484q-784p-8m5h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56263?format=json","vulnerability_id":"VCID-zdyb-dh4t-5kam","summary":"org.keycloak:keycloak-services has Inefficient Regular Expression Complexity\nA vulnerability was found in the Keycloak-services package. 
If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10176","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10177","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10177
"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10178","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10178"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-10270","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31194","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-10270"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321214","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321214"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","sc
oring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a
:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-10270","reference_id":"CVE-2024-10270","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N
/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-10270"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270","reference_id":"CVE-2024-10270","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270"},{"reference_url":"https://github.com/advisories/GHSA-wq8x-cg39-8mrr","reference_id":"GHSA-wq8x-cg39-8mrr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://github.com/advisories/GHSA-wq8x-cg39-8mrr"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr","reference_id":"GHSA-wq8x-cg39-8mrr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83338?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/83339?format=json","purl":"pkg:maven/org
.keycloak/keycloak-services@26.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6"}],"aliases":["CVE-2024-10270","GHSA-wq8x-cg39-8mrr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zdyb-dh4t-5kam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41481?format=json","vulnerability_id":"VCID-zkxq-ejyr-8ba8","summary":"Improper Handling of 
Exceptional Conditions\nA flaw was found in keycloak before version 9.0.1. When configuring a Conditional OTP Authentication Flow as a post login flow of an IDP, the failed login events for OTP are not sent to the brute force protection event queue, so BruteForceProtector does not handle these events.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1744","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40975","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40898","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1744"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805792","reference_id":"1805792","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805792"},{"reference_url":"https://acce
ss.redhat.com/security/cve/CVE-2020-1744","reference_id":"CVE-2020-1744","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2020-1744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1744","reference_id":"CVE-2020-1744","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1744"},{"reference_url":"https://github.com/advisories/GHSA-4gf2-xv97-63m2","reference_id":"GHSA-4gf2-xv97-63m2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4gf2-xv97-63m2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0945","reference_id":"RHSA-2020:0945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0946","reference_id":"RHSA-2020:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0947","reference_id":"RHSA-2020:0947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0951","reference_id":"RHSA-2020:0951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":
"https://access.redhat.com/errata/RHSA-2020:2905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76955?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-2kyy-pzzx-n7gr"},{"vulnerability":"VCID-2xg4-ad4r-4kce"},{"vulnerability":"VCID-2xvq-t8jp-zfbj"},{"vulnerability":"VCID-36v6-qmgy-j3cv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-3kg4-uvgq-5khf"},{"vulnerability":"VCID-4hs9-48uu-8qbf"},{"vulnerability":"VCID-66zv-ra8w-s3b4"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-6kbf-zmzu-xbgt"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-8ekh-fbbj-5yfb"},{"vulnerability":"VCID-9jrc-ayvh-e7dk"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-asmd-x6cy-dqdt"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bub5-f9wf-57d4"},{"vulnerability":"VCID-ch1b-adh9-skah"},{"vulnerability":"VCID-cs4b-u9hn-9ugy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dt1x-6344-fkda"},{"vulnerability":"VCID-dvk9-qsq9-4uc3"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-g36a-kpzd-3bdf"},{"vulnerability":"VCID-ghak-3963-juhk"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-hjue-s41w-bye9"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-hxup-rgnc-mqbp"},{"vulnerability":"VCID-hzvd-ugxf-9fcd"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jfsk-9
epz-t7a8"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jm25-gtrc-zuhh"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-k6ct-rgvj-t3an"},{"vulnerability":"VCID-kbc1-6psh-17d8"},{"vulnerability":"VCID-kf26-bvty-a3g9"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-m24y-x4sk-2yd6"},{"vulnerability":"VCID-mt5g-24m9-tfbg"},{"vulnerability":"VCID-nw1y-zwsy-auff"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tv3h-kxj7-u7ct"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-ugpk-g4qu-x3b5"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-uya7-2sk1-6uat"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vs8q-ywf1-3qa2"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-w6nc-88yg-dkem"},{"vulnerability":"VCID-wcb5-wnjf-5uhm"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wxaq-rrqq-pyah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-y5qk-qy59-23hn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zdyb-dh4t-5kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2"}],"aliases":["CVE-2020-1744","GHSA-4gf2-xv97-63m2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkxq-ejyr-8ba8"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://publi
c2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@1.0-final"}