| 0 |
| url |
VCID-1ewb-gxkb-j3cn |
| vulnerability_id |
VCID-1ewb-gxkb-j3cn |
| summary |
arbitrary code execution |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@11.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@11.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 1 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 2 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 3 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 4 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 5 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 6 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 7 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 8 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 9 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 10 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 11 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 12 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 13 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 14 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 15 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 16 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 17 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 18 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 19 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 20 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 21 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 22 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 23 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 24 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 25 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 26 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 27 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 28 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@11.0.0 |
|
|
| aliases |
CVE-2020-1714, GHSA-m6mm-q862-j366
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1ewb-gxkb-j3cn |
|
| 1 |
| url |
VCID-1twj-46mj-vbeg |
| vulnerability_id |
VCID-1twj-46mj-vbeg |
| summary |
Improper Restriction of Rendered UI Layers or Frames in Keycloak |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@10.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@10.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 2 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 3 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 4 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 5 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 6 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 7 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 8 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 9 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 10 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 11 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 12 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 13 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 14 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 15 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 16 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 17 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 18 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 19 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 20 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 21 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 22 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 23 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 24 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 25 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 26 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 27 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 28 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 29 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@10.0.0 |
|
|
| aliases |
CVE-2020-1728, GHSA-3gg7-9q2x-79fc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1twj-46mj-vbeg |
|
| 2 |
| url |
VCID-27n8-twqe-c7hg |
| vulnerability_id |
VCID-27n8-twqe-c7hg |
| summary |
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@8.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@8.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 3 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 4 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 5 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 6 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 7 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 8 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 9 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 10 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 11 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 12 |
| vulnerability |
VCID-cxjv-a4yf-2bgs |
|
| 13 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 14 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 15 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 16 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 17 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 18 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 19 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 20 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 21 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 22 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 23 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 24 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 25 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 26 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 27 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 28 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 29 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 30 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 31 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 32 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 33 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 34 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 35 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0 |
|
|
| aliases |
CVE-2019-14820, GHSA-xfqh-7356-vqjj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-27n8-twqe-c7hg |
|
| 3 |
| url |
VCID-3jtq-par5-tuax |
| vulnerability_id |
VCID-3jtq-par5-tuax |
| summary |
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-4028, GHSA-q4xq-445g-g6ch
|
| risk_score |
1.7 |
| exploitability |
0.5 |
| weighted_severity |
3.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3jtq-par5-tuax |
|
| 4 |
|
| 5 |
| url |
VCID-49ev-wsaa-4bbn |
| vulnerability_id |
VCID-49ev-wsaa-4bbn |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@9.0.2 |
| purl |
pkg:maven/org.keycloak/keycloak-core@9.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 3 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 4 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 5 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 6 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 7 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 8 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 9 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 10 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 11 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 12 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 13 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 14 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 15 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 16 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 17 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 18 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 19 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 20 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 21 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 22 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 23 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 24 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 25 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 26 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 27 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 28 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 29 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 30 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 31 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.2 |
|
|
| aliases |
CVE-2020-1724, GHSA-8xj2-47xw-q78c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-49ev-wsaa-4bbn |
|
| 6 |
| url |
VCID-551s-5jc8-x7g4 |
| vulnerability_id |
VCID-551s-5jc8-x7g4 |
| summary |
XSS in Keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@9.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@9.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 3 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 4 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 5 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 6 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 7 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 8 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 9 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 10 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 11 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 12 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 13 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 14 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 15 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 16 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 17 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 18 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 19 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 20 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 21 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 22 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 23 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 24 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 25 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 26 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 27 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 28 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 29 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 30 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 31 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 32 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 33 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.0 |
|
|
| aliases |
CVE-2020-1697, GHSA-8vf3-4w62-m3pq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-551s-5jc8-x7g4 |
|
| 7 |
| url |
VCID-6kkn-nm8v-u3a4 |
| vulnerability_id |
VCID-6kkn-nm8v-u3a4 |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@8.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@8.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 3 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 4 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 5 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 6 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 7 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 8 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 9 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 10 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 11 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 12 |
| vulnerability |
VCID-cxjv-a4yf-2bgs |
|
| 13 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 14 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 15 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 16 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 17 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 18 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 19 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 20 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 21 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 22 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 23 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 24 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 25 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 26 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 27 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 28 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 29 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 30 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 31 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 32 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 33 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 34 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 35 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0 |
|
|
| aliases |
CVE-2019-10170, GHSA-7m27-3587-83xf
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6kkn-nm8v-u3a4 |
|
| 8 |
| url |
VCID-7q52-ujxg-pyg4 |
| vulnerability_id |
VCID-7q52-ujxg-pyg4 |
| summary |
privilege escalation |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@12.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@12.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 1 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 2 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 3 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 4 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 5 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 6 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 7 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 8 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 9 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 10 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 11 |
| vulnerability |
VCID-gxku-5esb-1qct |
|
| 12 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 13 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 14 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 15 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 16 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 17 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 18 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 19 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 20 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 21 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 22 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 23 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 24 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 25 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 26 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0 |
|
|
| aliases |
CVE-2020-27826, GHSA-m9cj-v55f-8x26
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7q52-ujxg-pyg4 |
|
| 9 |
| url |
VCID-7tca-nfme-37ek |
| vulnerability_id |
VCID-7tca-nfme-37ek |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@4.6.0.Final |
| purl |
pkg:maven/org.keycloak/keycloak-core@4.6.0.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-27n8-twqe-c7hg |
|
| 3 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 4 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 5 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 6 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 7 |
| vulnerability |
VCID-6kkn-nm8v-u3a4 |
|
| 8 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 9 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 10 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 11 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 12 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 13 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 14 |
| vulnerability |
VCID-cxjv-a4yf-2bgs |
|
| 15 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 16 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 17 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 18 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 19 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 20 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 21 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 22 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 23 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 24 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 25 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 26 |
| vulnerability |
VCID-qwr8-j8k6-fqew |
|
| 27 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 28 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 29 |
| vulnerability |
VCID-t4zx-ktg9-zue4 |
|
| 30 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 31 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 32 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 33 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 34 |
| vulnerability |
VCID-x6m8-gkbc-4kec |
|
| 35 |
| vulnerability |
VCID-x77r-6nax-tqg6 |
|
| 36 |
| vulnerability |
VCID-xf39-m1jv-zbfj |
|
| 37 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 38 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 39 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 40 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 41 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 42 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 43 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.6.0.Final |
|
| 1 |
|
|
| aliases |
CVE-2018-14637, GHSA-gf2j-7qwg-4f5x
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7tca-nfme-37ek |
|
| 10 |
| url |
VCID-7xus-anmm-9ba3 |
| vulnerability_id |
VCID-7xus-anmm-9ba3 |
| summary |
cross-site request forgery |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@12.0.2 |
| purl |
pkg:maven/org.keycloak/keycloak-core@12.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 1 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 2 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 3 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 4 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 5 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 6 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 7 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 8 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 9 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 10 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 11 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 12 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 13 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 14 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 15 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 16 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 17 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 18 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 19 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 20 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 21 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 22 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 23 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 24 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.2 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-core@13.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@13.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 1 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 2 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 3 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 4 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 5 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 6 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 7 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 8 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 9 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 10 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 11 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 12 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 13 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 14 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 15 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 16 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 17 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0 |
|
|
| aliases |
CVE-2020-10770, GHSA-jh7q-5mwf-qvhw
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7xus-anmm-9ba3 |
|
| 11 |
|
| 12 |
|
| 13 |
| url |
VCID-c2nr-hks8-4qg1 |
| vulnerability_id |
VCID-c2nr-hks8-4qg1 |
| summary |
A flaw was found in the offline_access scope in Keycloak, caused by a lack of root session validation and the reuse of session IDs across root and user authentication sessions. The issue affects users of shared computers more (especially if cookies are not cleared). It enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c2nr-hks8-4qg1 |
|
| 14 |
|
| 15 |
| url |
VCID-cxjv-a4yf-2bgs |
| vulnerability_id |
VCID-cxjv-a4yf-2bgs |
| summary |
Predictable password in Keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@8.0.2 |
| purl |
pkg:maven/org.keycloak/keycloak-core@8.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 3 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 4 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 5 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 6 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 7 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 8 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 9 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 10 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 11 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 12 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 13 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 14 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 15 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 16 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 17 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 18 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 19 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 20 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 21 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 22 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 23 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 24 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 25 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 26 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 27 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 28 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 29 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 30 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 31 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 32 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 33 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 34 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.2 |
|
|
| aliases |
CVE-2020-1731, GHSA-6pmv-7pr9-cgrj
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cxjv-a4yf-2bgs |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
| url |
VCID-h6ky-xtx2-augv |
| vulnerability_id |
VCID-h6ky-xtx2-augv |
| summary |
Cross-site Scripting in Keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@12.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@12.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 1 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 2 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 3 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 4 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 5 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 6 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 7 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 8 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 9 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 10 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 11 |
| vulnerability |
VCID-gxku-5esb-1qct |
|
| 12 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 13 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 14 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 15 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 16 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 17 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 18 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 19 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 20 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 21 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 22 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 23 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 24 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 25 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 26 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0 |
|
|
| aliases |
CVE-2020-10776, GHSA-484q-784p-8m5h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h6ky-xtx2-augv |
|
| 20 |
| url |
VCID-hvwy-pv1y-sqeg |
| vulnerability_id |
VCID-hvwy-pv1y-sqeg |
| summary |
Improper Authentication for Keycloak |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@8.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@8.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 3 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 4 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 5 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 6 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 7 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 8 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 9 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 10 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 11 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 12 |
| vulnerability |
VCID-cxjv-a4yf-2bgs |
|
| 13 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 14 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 15 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 16 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 17 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 18 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 19 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 20 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 21 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 22 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 23 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 24 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 25 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 26 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 27 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 28 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 29 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 30 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 31 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 32 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 33 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 34 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 35 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0 |
|
|
| aliases |
CVE-2020-1718, GHSA-j229-2h63-rvh9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hvwy-pv1y-sqeg |
|
| 21 |
|
| 22 |
| url |
VCID-ktfu-j9gz-p7d1 |
| vulnerability_id |
VCID-ktfu-j9gz-p7d1 |
| summary |
Keycloak vulnerable to cross-site scripting via the state parameter |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@4.4.0.Final |
| purl |
pkg:maven/org.keycloak/keycloak-core@4.4.0.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-27n8-twqe-c7hg |
|
| 3 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 4 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 5 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 6 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 7 |
| vulnerability |
VCID-6kkn-nm8v-u3a4 |
|
| 8 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 9 |
| vulnerability |
VCID-7tca-nfme-37ek |
|
| 10 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 11 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 12 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 13 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 14 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 15 |
| vulnerability |
VCID-cxjv-a4yf-2bgs |
|
| 16 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 17 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 18 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 19 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 20 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 21 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 22 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 23 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 24 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 25 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 26 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 27 |
| vulnerability |
VCID-qwr8-j8k6-fqew |
|
| 28 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 29 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 30 |
| vulnerability |
VCID-t4zx-ktg9-zue4 |
|
| 31 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 32 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 33 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 34 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 35 |
| vulnerability |
VCID-x6m8-gkbc-4kec |
|
| 36 |
| vulnerability |
VCID-x77r-6nax-tqg6 |
|
| 37 |
| vulnerability |
VCID-xf39-m1jv-zbfj |
|
| 38 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 39 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 40 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 41 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 42 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 43 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 44 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.4.0.Final |
|
|
| aliases |
CVE-2018-14655, GHSA-458h-wv48-fq75
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ktfu-j9gz-p7d1 |
|
| 23 |
|
| 24 |
| url |
VCID-m7ec-ad95-87aa |
| vulnerability_id |
VCID-m7ec-ad95-87aa |
| summary |
An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed in which the referrer and referrer_uri parameters are set to trick a user into visiting a malicious webpage. A trusted URL can lead users and automation to believe that the URL is safe when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.
Once a crafted URL is made, it can be sent to a Keycloak admin, for example via email. The vulnerability is triggered when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as by supplying this URL as an OAuth redirect URI. The malicious actor can further obfuscate the redirect_uri using URL encoding to hide the text of the actual malicious website domain. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/keycloak/keycloak |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/keycloak/keycloak |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2024-7260 |
| reference_id |
CVE-2024-7260 |
| reference_type |
|
| scores |
| 0 |
| value |
4.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2024-7260 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6502 |
| reference_id |
RHSA-2024:6502 |
| reference_type |
|
| scores |
| 0 |
| value |
4.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6502 |
|
| 9 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6503 |
| reference_id |
RHSA-2024:6503 |
| reference_type |
|
| scores |
| 0 |
| value |
4.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6503 |
|
| 10 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2301875 |
| reference_id |
show_bug.cgi?id=2301875 |
| reference_type |
|
| scores |
| 0 |
| value |
4.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2301875 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-7260, GHSA-g4gc-rh26-m3p5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m7ec-ad95-87aa |
|
| 25 |
| url |
VCID-mb69-adq5-aqdy |
| vulnerability_id |
VCID-mb69-adq5-aqdy |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@9.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@9.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 3 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 4 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 5 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 6 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 7 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 8 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 9 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 10 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 11 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 12 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 13 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 14 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 15 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 16 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 17 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 18 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 19 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 20 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 21 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 22 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 23 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 24 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 25 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 26 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 27 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 28 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 29 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 30 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 31 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 32 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 33 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.0 |
|
|
| aliases |
CVE-2020-1698, GHSA-qgmm-f2qw-r95f
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mb69-adq5-aqdy |
|
| 26 |
|
| 27 |
| url |
VCID-qbxs-9gb1-dbe3 |
| vulnerability_id |
VCID-qbxs-9gb1-dbe3 |
| summary |
cross-site scripting |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@12.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-core@12.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 1 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 2 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 3 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 4 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 5 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 6 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 7 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 8 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 9 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 10 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 11 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 12 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 13 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 14 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 15 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 16 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 17 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 18 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 19 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 20 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 21 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 22 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 23 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.3 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-core@13.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@13.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 1 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 2 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 3 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 4 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 5 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 6 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 7 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 8 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 9 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 10 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 11 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 12 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 13 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 14 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 15 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 16 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 17 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0 |
|
|
| aliases |
CVE-2021-20195, GHSA-q6w2-89hq-hq27
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qbxs-9gb1-dbe3 |
|
| 28 |
| url |
VCID-qwr8-j8k6-fqew |
| vulnerability_id |
VCID-qwr8-j8k6-fqew |
| summary |
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@7.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@7.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-27n8-twqe-c7hg |
|
| 3 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 4 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 5 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 6 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 7 |
| vulnerability |
VCID-6kkn-nm8v-u3a4 |
|
| 8 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 9 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 10 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 11 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 12 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 13 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 14 |
| vulnerability |
VCID-cxjv-a4yf-2bgs |
|
| 15 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 16 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 17 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 18 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 19 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 20 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 21 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 22 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 23 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 24 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 25 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 26 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 27 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 28 |
| vulnerability |
VCID-t4zx-ktg9-zue4 |
|
| 29 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 30 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 31 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 32 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 33 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 34 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 35 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 36 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 37 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 38 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 39 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0 |
|
|
| aliases |
CVE-2019-3875, GHSA-38cg-gg9j-q9j9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qwr8-j8k6-fqew |
|
| 29 |
| url |
VCID-sbyx-da8j-mqfx |
| vulnerability_id |
VCID-sbyx-da8j-mqfx |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@12.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@12.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 1 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 2 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 3 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 4 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 5 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 6 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 7 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 8 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 9 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 10 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 11 |
| vulnerability |
VCID-gxku-5esb-1qct |
|
| 12 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 13 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 14 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 15 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 16 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 17 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 18 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 19 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 20 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 21 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 22 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 23 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 24 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 25 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 26 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0 |
|
|
| aliases |
CVE-2020-14389, GHSA-c9x9-xv66-xp3v
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sbyx-da8j-mqfx |
|
| 30 |
| url |
VCID-sg1r-gdub-fba1 |
| vulnerability_id |
VCID-sg1r-gdub-fba1 |
| summary |
A vulnerability was found in Keycloak. Expired OTP codes are still usable with FreeOTP when the OTP token period is set to 30 seconds (the default). Instead of expiring and being deemed unusable around 30 seconds in, the tokens remain valid for an additional 30 seconds, totaling 1 minute.
A one-time passcode that remains valid past its expiration time widens the window in which malicious actors can abuse the system and compromise accounts. Additionally, it increases the attack surface because two OTPs are valid at any given time. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/keycloak/keycloak |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/keycloak/keycloak |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2024-7318 |
| reference_id |
CVE-2024-7318 |
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2024-7318 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6502 |
| reference_id |
RHSA-2024:6502 |
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6502 |
|
| 10 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6503 |
| reference_id |
RHSA-2024:6503 |
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6503 |
|
| 11 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2301876 |
| reference_id |
show_bug.cgi?id=2301876 |
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2301876 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-7318, GHSA-xmmm-jw76-q7vg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sg1r-gdub-fba1 |
|
| 31 |
| url |
VCID-t4zx-ktg9-zue4 |
| vulnerability_id |
VCID-t4zx-ktg9-zue4 |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@8.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@8.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 3 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 4 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 5 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 6 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 7 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 8 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 9 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 10 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 11 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 12 |
| vulnerability |
VCID-cxjv-a4yf-2bgs |
|
| 13 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 14 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 15 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 16 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 17 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 18 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 19 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 20 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 21 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 22 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 23 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 24 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 25 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 26 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 27 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 28 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 29 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 30 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 31 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 32 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 33 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 34 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 35 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0 |
|
|
| aliases |
CVE-2019-14837, GHSA-cf8f-w2c5-p5jr
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t4zx-ktg9-zue4 |
|
| 32 |
|
| 33 |
|
| 34 |
| url |
VCID-w5wa-m47v-7fhy |
| vulnerability_id |
VCID-w5wa-m47v-7fhy |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-core@9.0.2 |
| purl |
pkg:maven/org.keycloak/keycloak-core@9.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 3 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 4 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 5 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 6 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 7 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 8 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 9 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 10 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 11 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 12 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 13 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 14 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 15 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 16 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 17 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 18 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 19 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 20 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 21 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 22 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 23 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 24 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 25 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 26 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 27 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 28 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 29 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 30 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 31 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.2 |
|
|
| aliases |
CVE-2020-1744, GHSA-4gf2-xv97-63m2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w5wa-m47v-7fhy |
|
| 35 |
| url |
VCID-wfeg-6241-cucs |
| vulnerability_id |
VCID-wfeg-6241-cucs |
| summary |
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wfeg-6241-cucs |
|
| 36 |
| url |
VCID-x6m8-gkbc-4kec |
| vulnerability_id |
VCID-x6m8-gkbc-4kec |
| summary |
Improper Verification of Cryptographic Signature in keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@7.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@7.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-27n8-twqe-c7hg |
|
| 3 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 4 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 5 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 6 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 7 |
| vulnerability |
VCID-6kkn-nm8v-u3a4 |
|
| 8 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 9 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 10 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 11 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 12 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 13 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 14 |
| vulnerability |
VCID-cxjv-a4yf-2bgs |
|
| 15 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 16 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 17 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 18 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 19 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 20 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 21 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 22 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 23 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 24 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 25 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 26 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 27 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 28 |
| vulnerability |
VCID-t4zx-ktg9-zue4 |
|
| 29 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 30 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 31 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 32 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 33 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 34 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 35 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 36 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 37 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 38 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 39 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0 |
|
|
| aliases |
CVE-2019-10201, GHSA-4fgq-gq9g-3rw7
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x6m8-gkbc-4kec |
|
| 37 |
| url |
VCID-x77r-6nax-tqg6 |
| vulnerability_id |
VCID-x77r-6nax-tqg6 |
| summary |
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@6.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@6.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-27n8-twqe-c7hg |
|
| 3 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 4 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 5 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 6 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 7 |
| vulnerability |
VCID-6kkn-nm8v-u3a4 |
|
| 8 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 9 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 10 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 11 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 12 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 13 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 14 |
| vulnerability |
VCID-cxjv-a4yf-2bgs |
|
| 15 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 16 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 17 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 18 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 19 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 20 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 21 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 22 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 23 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 24 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 25 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 26 |
| vulnerability |
VCID-qwr8-j8k6-fqew |
|
| 27 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 28 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 29 |
| vulnerability |
VCID-t4zx-ktg9-zue4 |
|
| 30 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 31 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 32 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 33 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 34 |
| vulnerability |
VCID-x6m8-gkbc-4kec |
|
| 35 |
| vulnerability |
VCID-xf39-m1jv-zbfj |
|
| 36 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 37 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 38 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 39 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 40 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 41 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 42 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@6.0.0 |
|
|
| aliases |
CVE-2019-3868, GHSA-gc52-xj6p-9pxp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x77r-6nax-tqg6 |
|
| 38 |
| url |
VCID-xf39-m1jv-zbfj |
| vulnerability_id |
VCID-xf39-m1jv-zbfj |
| summary |
Improper Input Validation and Cross-Site Request Forgery in Keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@7.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@7.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-1twj-46mj-vbeg |
|
| 2 |
| vulnerability |
VCID-27n8-twqe-c7hg |
|
| 3 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 4 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 5 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 6 |
| vulnerability |
VCID-551s-5jc8-x7g4 |
|
| 7 |
| vulnerability |
VCID-6kkn-nm8v-u3a4 |
|
| 8 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 9 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 10 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 11 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 12 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 13 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 14 |
| vulnerability |
VCID-cxjv-a4yf-2bgs |
|
| 15 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 16 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 17 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 18 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 19 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 20 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 21 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 22 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 23 |
| vulnerability |
VCID-mb69-adq5-aqdy |
|
| 24 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 25 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 26 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 27 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 28 |
| vulnerability |
VCID-t4zx-ktg9-zue4 |
|
| 29 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 30 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 31 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 32 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 33 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 34 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 35 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 36 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 37 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 38 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
| 39 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0 |
|
|
| aliases |
CVE-2019-10199, GHSA-p5xp-6vpf-jwvh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xf39-m1jv-zbfj |
|
| 39 |
|
| 40 |
|
| 41 |
| url |
VCID-z5qm-jh27-skdr |
| vulnerability_id |
VCID-z5qm-jh27-skdr |
| summary |
A denial of service vulnerability was found in Keycloak where the number of attributes per object is not limited. An attacker sending repeated HTTP requests could cause resource exhaustion when the application sends back rows with long attribute values. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/keycloak/keycloak |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/keycloak/keycloak |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2023-6841 |
| reference_id |
CVE-2023-6841 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2023-6841 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2254714 |
| reference_id |
show_bug.cgi?id=2254714 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2254714 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-6841, GHSA-w97f-w3hq-36g2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z5qm-jh27-skdr |
|
| 42 |
| url |
VCID-z5yv-y145-abeh |
| vulnerability_id |
VCID-z5yv-y145-abeh |
| summary |
A flaw was found in Keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing timestamp validation. The highest threat from this vulnerability is to data confidentiality and integrity. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@14.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@14.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 1 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 2 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 3 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 4 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 5 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 6 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 7 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 8 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 9 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 10 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 11 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 12 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 13 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 14 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 15 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 16 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@14.0.0 |
|
|
| aliases |
CVE-2020-35509, GHSA-rpj2-w6fr-79hc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z5yv-y145-abeh |
|
| 43 |
|
| 44 |
| url |
VCID-zha3-5yra-sfae |
| vulnerability_id |
VCID-zha3-5yra-sfae |
| summary |
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2023-0091 |
| reference_id |
CVE-2023-0091 |
| reference_type |
|
| scores |
| 0 |
| value |
3.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:08:50Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2023-0091 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-0091, GHSA-v436-q368-hvgg, GMS-2023-37
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zha3-5yra-sfae |
|
| 45 |
| url |
VCID-ztxp-j5gt-4qdb |
| vulnerability_id |
VCID-ztxp-j5gt-4qdb |
| summary |
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-core@10.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-core@10.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1ewb-gxkb-j3cn |
|
| 1 |
| vulnerability |
VCID-3jtq-par5-tuax |
|
| 2 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 3 |
| vulnerability |
VCID-7q52-ujxg-pyg4 |
|
| 4 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 5 |
| vulnerability |
VCID-b99p-3rqx-v7b4 |
|
| 6 |
| vulnerability |
VCID-bvmd-z1hf-5yef |
|
| 7 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 8 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 9 |
| vulnerability |
VCID-czc3-kxs3-yfdt |
|
| 10 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 11 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 12 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 13 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 14 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 15 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 16 |
| vulnerability |
VCID-m7ec-ad95-87aa |
|
| 17 |
| vulnerability |
VCID-q1jj-f5rg-57b1 |
|
| 18 |
| vulnerability |
VCID-qbxs-9gb1-dbe3 |
|
| 19 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 20 |
| vulnerability |
VCID-sg1r-gdub-fba1 |
|
| 21 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 22 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 23 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 24 |
| vulnerability |
VCID-yb4r-xbbq-47en |
|
| 25 |
| vulnerability |
VCID-ymg3-rjrx-pkan |
|
| 26 |
| vulnerability |
VCID-z5qm-jh27-skdr |
|
| 27 |
| vulnerability |
VCID-z5yv-y145-abeh |
|
| 28 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 29 |
| vulnerability |
VCID-zha3-5yra-sfae |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@10.0.0 |
|
|
| aliases |
CVE-2020-1758, GHSA-c597-f74m-jgc2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ztxp-j5gt-4qdb |
|