Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-core@24.0.5
Typemaven
Namespaceorg.keycloak
Namekeycloak-core
Version24.0.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version26.1.3
Latest_non_vulnerable_version26.1.3
Affected_by_vulnerabilities
0
url VCID-3jtq-par5-tuax
vulnerability_id VCID-3jtq-par5-tuax
summary A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4028.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4028.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4028
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42754
published_at 2026-06-14T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42583
published_at 2026-06-11T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42745
published_at 2026-06-12T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42764
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4028
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4028
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-4028
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
6
reference_url https://access.redhat.com/security/cve/CVE-2024-4028
reference_id CVE-2024-4028
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T18:38:24Z/
url https://access.redhat.com/security/cve/CVE-2024-4028
7
reference_url https://github.com/advisories/GHSA-q4xq-445g-g6ch
reference_id GHSA-q4xq-445g-g6ch
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q4xq-445g-g6ch
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2276418
reference_id show_bug.cgi?id=2276418
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T18:38:24Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2276418
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@26.1.3
purl pkg:maven/org.keycloak/keycloak-core@26.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@26.1.3
aliases CVE-2024-4028, GHSA-q4xq-445g-g6ch
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3jtq-par5-tuax
1
url VCID-b99p-3rqx-v7b4
vulnerability_id VCID-b99p-3rqx-v7b4
summary keycloak-core: mTLS passthrough
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-10039
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27588
published_at 2026-06-14T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27578
published_at 2026-06-12T12:55:00Z
2
value 0.00101
scoring_system epss
scoring_elements 0.27603
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-10039
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/35217
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/35217
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319217
reference_id 2319217
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2319217
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10039
reference_id CVE-2024-10039
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-10039
7
reference_url https://github.com/advisories/GHSA-93ww-43rr-79v3
reference_id GHSA-93ww-43rr-79v3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93ww-43rr-79v3
8
reference_url https://access.redhat.com/errata/RHSA-2024:10175
reference_id RHSA-2024:10175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10175
9
reference_url https://access.redhat.com/errata/RHSA-2024:10176
reference_id RHSA-2024:10176
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10176
10
reference_url https://access.redhat.com/errata/RHSA-2024:10177
reference_id RHSA-2024:10177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10177
11
reference_url https://access.redhat.com/errata/RHSA-2024:10178
reference_id RHSA-2024:10178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10178
12
reference_url https://access.redhat.com/errata/RHSA-2025:11645
reference_id RHSA-2025:11645
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11645
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@26.0.6
purl pkg:maven/org.keycloak/keycloak-core@26.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@26.0.6
aliases CVE-2024-10039, GHSA-93ww-43rr-79v3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b99p-3rqx-v7b4
2
url VCID-bvmd-z1hf-5yef
vulnerability_id VCID-bvmd-z1hf-5yef
summary Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://access.redhat.com/security/cve/CVE-2024-7318
reference_id CVE-2024-7318
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2024-7318
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
reference_id CVE-2024-7318
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
3
reference_url https://github.com/advisories/GHSA-57rh-gr4v-j5f6
reference_id GHSA-57rh-gr4v-j5f6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57rh-gr4v-j5f6
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.7
purl pkg:maven/org.keycloak/keycloak-core@24.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7
1
url pkg:maven/org.keycloak/keycloak-core@25.0.0
purl pkg:maven/org.keycloak/keycloak-core@25.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-sg1r-gdub-fba1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.0
aliases GHSA-57rh-gr4v-j5f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvmd-z1hf-5yef
3
url VCID-ha6q-h4bv-h7gy
vulnerability_id VCID-ha6q-h4bv-h7gy
summary Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://access.redhat.com/security/cve/CVE-2024-5967
reference_id CVE-2024-5967
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2024-5967
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-5967
reference_id CVE-2024-5967
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-5967
3
reference_url https://github.com/advisories/GHSA-gmrm-8fx4-66x7
reference_id GHSA-gmrm-8fx4-66x7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gmrm-8fx4-66x7
fixed_packages
aliases GHSA-gmrm-8fx4-66x7
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ha6q-h4bv-h7gy
4
url VCID-m7ec-ad95-87aa
vulnerability_id VCID-m7ec-ad95-87aa
summary 
An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.

Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7260.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7260.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7260
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.51885
published_at 2026-06-14T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.51758
published_at 2026-06-11T12:55:00Z
2
value 0.0028
scoring_system epss
scoring_elements 0.51888
published_at 2026-06-12T12:55:00Z
3
value 0.0028
scoring_system epss
scoring_elements 0.519
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7260
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
reference_id cpe:/a:redhat:build_keycloak:24
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
reference_id cpe:/a:redhat:build_keycloak:24::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
5
reference_url https://access.redhat.com/security/cve/CVE-2024-7260
reference_id CVE-2024-7260
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://access.redhat.com/security/cve/CVE-2024-7260
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7260
reference_id CVE-2024-7260
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7260
7
reference_url https://github.com/advisories/GHSA-g4gc-rh26-m3p5
reference_id GHSA-g4gc-rh26-m3p5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4gc-rh26-m3p5
8
reference_url https://access.redhat.com/errata/RHSA-2024:6502
reference_id RHSA-2024:6502
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://access.redhat.com/errata/RHSA-2024:6502
9
reference_url https://access.redhat.com/errata/RHSA-2024:6503
reference_id RHSA-2024:6503
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://access.redhat.com/errata/RHSA-2024:6503
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2301875
reference_id show_bug.cgi?id=2301875
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2301875
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.7
purl pkg:maven/org.keycloak/keycloak-core@24.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7
1
url pkg:maven/org.keycloak/keycloak-core@25.0.0
purl pkg:maven/org.keycloak/keycloak-core@25.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-sg1r-gdub-fba1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.0
aliases CVE-2024-7260, GHSA-g4gc-rh26-m3p5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7ec-ad95-87aa
5
url VCID-sg1r-gdub-fba1
vulnerability_id VCID-sg1r-gdub-fba1
summary 
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.
A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7318.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7318.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7318
reference_id
reference_type
scores
0
value 0.00938
scoring_system epss
scoring_elements 0.76729
published_at 2026-06-14T12:55:00Z
1
value 0.00938
scoring_system epss
scoring_elements 0.76651
published_at 2026-06-11T12:55:00Z
2
value 0.00938
scoring_system epss
scoring_elements 0.7672
published_at 2026-06-12T12:55:00Z
3
value 0.00938
scoring_system epss
scoring_elements 0.76734
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7318
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
reference_id cpe:/a:redhat:build_keycloak:24
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
reference_id cpe:/a:redhat:build_keycloak:24::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
5
reference_url https://access.redhat.com/security/cve/CVE-2024-7318
reference_id CVE-2024-7318
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://access.redhat.com/security/cve/CVE-2024-7318
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
reference_id CVE-2024-7318
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
7
reference_url https://github.com/advisories/GHSA-xmmm-jw76-q7vg
reference_id GHSA-xmmm-jw76-q7vg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmmm-jw76-q7vg
8
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-xmmm-jw76-q7vg
reference_id GHSA-xmmm-jw76-q7vg
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-xmmm-jw76-q7vg
9
reference_url https://access.redhat.com/errata/RHSA-2024:6502
reference_id RHSA-2024:6502
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://access.redhat.com/errata/RHSA-2024:6502
10
reference_url https://access.redhat.com/errata/RHSA-2024:6503
reference_id RHSA-2024:6503
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://access.redhat.com/errata/RHSA-2024:6503
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2301876
reference_id show_bug.cgi?id=2301876
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2301876
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.7
purl pkg:maven/org.keycloak/keycloak-core@24.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7
1
url pkg:maven/org.keycloak/keycloak-core@25.0.4
purl pkg:maven/org.keycloak/keycloak-core@25.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.4
aliases CVE-2024-7318, GHSA-xmmm-jw76-q7vg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg1r-gdub-fba1
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.5