| 0 |
| url |
VCID-1j4m-w46h-zkhq |
| vulnerability_id |
VCID-1j4m-w46h-zkhq |
| summary |
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.3.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 1 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 2 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 3 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 4 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 5 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 6 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 7 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 8 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 9 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 10 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 11 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 12 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 13 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 14 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 15 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 16 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 17 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 18 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 19 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 20 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 21 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3 |
|
|
| aliases |
CVE-2025-8419, GHSA-m4j5-5x4r-2xp9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1j4m-w46h-zkhq |
|
| 1 |
| url |
VCID-1mxe-pmc8-63aw |
| vulnerability_id |
VCID-1mxe-pmc8-63aw |
| summary |
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 19 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 20 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 21 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 22 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 23 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 24 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 25 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 26 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 27 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 28 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 29 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 30 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 31 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 32 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 33 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 34 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 35 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 36 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 37 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 38 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 39 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 40 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 41 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 42 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 43 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 44 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 45 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3 |
|
|
| aliases |
CVE-2023-0657, GHSA-7fpj-9hr8-28vh
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1mxe-pmc8-63aw |
|
| 2 |
| url |
VCID-1z6p-w7um-2kbf |
| vulnerability_id |
VCID-1z6p-w7um-2kbf |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@21.1.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@21.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 8 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 9 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 10 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 11 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 12 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 13 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 14 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 15 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 16 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 17 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 18 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 19 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 20 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 21 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 22 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 23 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 24 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 25 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 26 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 27 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 28 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 29 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 30 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 31 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 32 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 33 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 34 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 35 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 36 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 37 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 38 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 39 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 40 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 41 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 42 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 43 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 44 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 45 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 46 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 47 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 48 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 49 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 50 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 51 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 52 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 53 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 54 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 55 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 56 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 57 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 58 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 59 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2 |
|
|
| aliases |
CVE-2023-2585, GHSA-f5h4-wmp5-xhg6
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1z6p-w7um-2kbf |
|
| 3 |
| url |
VCID-32db-rsf2-h7hm |
| vulnerability_id |
VCID-32db-rsf2-h7hm |
| summary |
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:maven/org.keycloak/keycloak-services@25.0.5 |
| purl |
pkg:maven/org.keycloak/keycloak-services@25.0.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 2 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 3 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 4 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 5 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 6 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 7 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 8 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 9 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 10 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 11 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 12 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 13 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 14 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 15 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 16 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 17 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 18 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 19 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 20 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 21 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 22 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 23 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 24 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 25 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 26 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 27 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 28 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 29 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 30 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 31 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 32 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 33 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 34 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 35 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 36 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 37 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 38 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 39 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.5 |
|
|
| aliases |
CVE-2024-7341, GHSA-5rxp-2rhr-qwqv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-32db-rsf2-h7hm |
|
| 4 |
| url |
VCID-38vg-nb6g-3kg8 |
| vulnerability_id |
VCID-38vg-nb6g-3kg8 |
| summary |
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:maven/org.keycloak/keycloak-services@25.0.6 |
| purl |
pkg:maven/org.keycloak/keycloak-services@25.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 2 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 3 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 4 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 5 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 6 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 7 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 8 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 9 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 10 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 11 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 12 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 13 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 14 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 15 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 16 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 17 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 18 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 19 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 20 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 21 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 22 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 23 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 24 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 25 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 26 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 27 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 28 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 29 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 30 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 31 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 32 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 33 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 34 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 35 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 36 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 37 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6 |
|
|
| aliases |
CVE-2024-8883, GHSA-w8gr-xwp4-r9f7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-38vg-nb6g-3kg8 |
|
| 5 |
| url |
VCID-39yc-g31q-u7gt |
| vulnerability_id |
VCID-39yc-g31q-u7gt |
| summary |
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.
# Original Description
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.2.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 2 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 3 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 4 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 5 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 6 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 7 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 8 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 9 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 10 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 11 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 12 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 13 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 14 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 15 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 16 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 17 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 18 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 19 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 20 |
| vulnerability |
VCID-sa2j-p1w2-ebgj |
|
| 21 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 22 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 23 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 24 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 25 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 26 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 27 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 28 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 29 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 30 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2 |
|
|
| aliases |
GHSA-fx44-2wx5-5fvp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-39yc-g31q-u7gt |
|
| 6 |
| url |
VCID-3mcs-n479-zydu |
| vulnerability_id |
VCID-3mcs-n479-zydu |
| summary |
multiple issues |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@13.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@13.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 20 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 21 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 22 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 23 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 24 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 25 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 26 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 27 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 28 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 29 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 30 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 31 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 32 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 33 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 34 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 35 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 36 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 37 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 38 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 39 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 40 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 41 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 42 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 43 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 44 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 45 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 46 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 47 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 48 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 49 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 50 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 51 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 52 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 53 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 54 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 55 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 56 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 57 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 58 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 59 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 60 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 61 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 62 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 63 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 64 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 65 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 66 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 67 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 68 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 69 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 70 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 71 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 72 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0 |
|
|
| aliases |
CVE-2021-20202, GHSA-6xp6-fmc8-pmmr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3mcs-n479-zydu |
|
| 7 |
| url |
VCID-42w4-65kp-f7dy |
| vulnerability_id |
VCID-42w4-65kp-f7dy |
| summary |
A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.1.5 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 2 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 3 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 4 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 5 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 6 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 7 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 8 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 9 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 10 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 11 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 12 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 13 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 14 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 15 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 16 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 17 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 18 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 19 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 20 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 21 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 22 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 23 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 24 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 25 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 26 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 27 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 28 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 29 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 30 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 31 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 32 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.5 |
|
|
| aliases |
CVE-2025-2559, GHSA-2935-2wfm-hhpv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-42w4-65kp-f7dy |
|
| 8 |
| url |
VCID-49ev-wsaa-4bbn |
| vulnerability_id |
VCID-49ev-wsaa-4bbn |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@9.0.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@9.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 7 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 8 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 9 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 20 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 21 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 22 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 23 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 24 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 25 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 26 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 27 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 28 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 29 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 30 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 31 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 32 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 33 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 34 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 35 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 36 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 37 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 38 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 39 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 40 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 41 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 42 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 43 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 44 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 45 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 46 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 47 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 48 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 49 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 50 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 51 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 52 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 53 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 54 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 55 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 56 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 57 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 58 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 59 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 60 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 61 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 62 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 63 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 64 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 65 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 66 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 67 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 68 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 69 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 70 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 71 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 72 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 73 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 74 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 75 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 76 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 77 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 78 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 79 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 80 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 81 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
| 82 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2 |
|
|
| aliases |
CVE-2020-1724, GHSA-8xj2-47xw-q78c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-49ev-wsaa-4bbn |
|
| 9 |
| url |
VCID-4b67-9tus-s7ds |
| vulnerability_id |
VCID-4b67-9tus-s7ds |
| summary |
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-2733, GHSA-fjf4-6f34-w64q
|
| risk_score |
1.7 |
| exploitability |
0.5 |
| weighted_severity |
3.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4b67-9tus-s7ds |
|
| 10 |
| url |
VCID-4taw-3r2y-eud6 |
| vulnerability_id |
VCID-4taw-3r2y-eud6 |
| summary |
Keycloak's improper input validation allows using email as username |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.1 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 8 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 9 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 10 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 11 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 12 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 13 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 14 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 15 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 16 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 17 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 18 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 19 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 20 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 21 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 22 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 23 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 24 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 25 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 26 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 27 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 28 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 29 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 30 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 31 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 32 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 33 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 34 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 35 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 36 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 37 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 38 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 39 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 40 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 41 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 42 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 43 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 44 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 45 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 46 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 47 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 48 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 49 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 50 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 51 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 52 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 53 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.1 |
|
|
| aliases |
CVE-2021-3754, GHSA-4vc8-pg5c-vg4x
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4taw-3r2y-eud6 |
|
| 11 |
| url |
VCID-4uf3-t2q9-5fcp |
| vulnerability_id |
VCID-4uf3-t2q9-5fcp |
| summary |
A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-3121, GHSA-7xf9-4jfc-wgm4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4uf3-t2q9-5fcp |
|
| 12 |
| url |
VCID-4y2p-6e9v-ufh7 |
| vulnerability_id |
VCID-4y2p-6e9v-ufh7 |
| summary |
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-3009, GHSA-m297-3jv9-m927
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4y2p-6e9v-ufh7 |
|
| 13 |
| url |
VCID-5cfv-kzxe-3qg4 |
| vulnerability_id |
VCID-5cfv-kzxe-3qg4 |
| summary |
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed into an inline JavaScript `onclick` handler, allowing a crafted JavaScript payload to execute in a user's browser when they view the login page. Successful exploitation enables arbitrary JavaScript execution, potentially leading to session theft, unauthorized account actions, or further attacks against users of the affected realm. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-37980, GHSA-m32f-8vh9-2hh3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5cfv-kzxe-3qg4 |
|
| 14 |
| url |
VCID-5gut-s9z6-u3gs |
| vulnerability_id |
VCID-5gut-s9z6-u3gs |
| summary |
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-2092, GHSA-wmxr-6j5f-838p
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5gut-s9z6-u3gs |
|
| 15 |
| url |
VCID-6fwf-utem-8bgx |
| vulnerability_id |
VCID-6fwf-utem-8bgx |
| summary |
A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.2.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 2 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 3 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 4 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 5 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 6 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 7 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 8 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 9 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 10 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 11 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 12 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 13 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 14 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 15 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 16 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 17 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 18 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 19 |
| vulnerability |
VCID-sa2j-p1w2-ebgj |
|
| 20 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 21 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 22 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 23 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 24 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 25 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 26 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 27 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 28 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 29 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3 |
|
|
| aliases |
CVE-2025-12110, GHSA-895x-rfqp-jh5c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6fwf-utem-8bgx |
|
| 16 |
| url |
VCID-6j4h-u22h-cubz |
| vulnerability_id |
VCID-6j4h-u22h-cubz |
| summary |
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/keycloak/keycloak |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/keycloak/keycloak |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2024-10270 |
| reference_id |
CVE-2024-10270 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2024-10270 |
|
| 14 |
|
| 15 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:10175 |
| reference_id |
RHSA-2024:10175 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:10175 |
|
| 16 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:10176 |
| reference_id |
RHSA-2024:10176 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:10176 |
|
| 17 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:10177 |
| reference_id |
RHSA-2024:10177 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:10177 |
|
| 18 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:10178 |
| reference_id |
RHSA-2024:10178 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:10178 |
|
| 19 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2321214 |
| reference_id |
show_bug.cgi?id=2321214 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2321214 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.0.6 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 2 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 3 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 4 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 5 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 6 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 7 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 8 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 9 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 10 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 11 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 12 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 13 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 14 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 15 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 16 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 17 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 18 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 19 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 20 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 21 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 22 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 23 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 24 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 25 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 26 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 27 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 28 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 29 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 30 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 31 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 32 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 33 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 34 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6 |
|
|
| aliases |
CVE-2024-10270, GHSA-wq8x-cg39-8mrr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6j4h-u22h-cubz |
|
| 17 |
| url |
VCID-6t42-926q-3bhd |
| vulnerability_id |
VCID-6t42-926q-3bhd |
| summary |
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://github.com/keycloak/keycloak/issues/43853 |
| reference_id |
43853 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/ |
|
|
| url |
https://github.com/keycloak/keycloak/issues/43853 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2025-12390 |
| reference_id |
CVE-2025-12390 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2025-12390 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
https://access.redhat.com/errata/RHSA-2025:21370 |
| reference_id |
RHSA-2025:21370 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2025:21370 |
|
| 16 |
| reference_url |
https://access.redhat.com/errata/RHSA-2025:21371 |
| reference_id |
RHSA-2025:21371 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2025:21371 |
|
| 17 |
| reference_url |
https://access.redhat.com/errata/RHSA-2025:22088 |
| reference_id |
RHSA-2025:22088 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2025:22088 |
|
| 18 |
| reference_url |
https://access.redhat.com/errata/RHSA-2025:22089 |
| reference_id |
RHSA-2025:22089 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2025:22089 |
|
| 19 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2406793 |
| reference_id |
show_bug.cgi?id=2406793 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2406793 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 2 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 3 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 4 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 5 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 6 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 7 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 8 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 9 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 10 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 11 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 12 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 13 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 14 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 15 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 16 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 17 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 18 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 19 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 20 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 21 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 22 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 23 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 24 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 25 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 26 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 27 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 28 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 29 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 30 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 31 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 32 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 33 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 34 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 35 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 36 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0 |
|
|
| aliases |
CVE-2025-12390, GHSA-rg35-5v25-mqvp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6t42-926q-3bhd |
|
| 18 |
| url |
VCID-6vfq-3vub-zbdc |
| vulnerability_id |
VCID-6vfq-3vub-zbdc |
| summary |
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2023-6717 |
| reference_id |
CVE-2023-6717 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2023-6717 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1353 |
| reference_id |
RHSA-2024:1353 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1353 |
|
| 30 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1867 |
| reference_id |
RHSA-2024:1867 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1867 |
|
| 31 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1868 |
| reference_id |
RHSA-2024:1868 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1868 |
|
| 32 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:2945 |
| reference_id |
RHSA-2024:2945 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:2945 |
|
| 33 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:4057 |
| reference_id |
RHSA-2024:4057 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:4057 |
|
| 34 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2253952 |
| reference_id |
show_bug.cgi?id=2253952 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2253952 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 19 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 20 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 21 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 22 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 23 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 24 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 25 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 26 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 27 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 28 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 29 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 30 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 31 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 32 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 33 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 34 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 35 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 36 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 37 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 38 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 39 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 40 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 41 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 42 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 43 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 44 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 45 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3 |
|
|
| aliases |
CVE-2023-6717, GHSA-8rmm-gm28-pj8q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6vfq-3vub-zbdc |
|
| 19 |
| url |
VCID-76xj-44n8-gfa4 |
| vulnerability_id |
VCID-76xj-44n8-gfa4 |
| summary |
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@23.0.5 |
| purl |
pkg:maven/org.keycloak/keycloak-services@23.0.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 8 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 9 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 10 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 11 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 12 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 13 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 14 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 15 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 16 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 17 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 18 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 19 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 20 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 21 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 22 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 23 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 24 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 25 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 26 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 27 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 28 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 29 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 30 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 31 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 32 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 33 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 34 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 35 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 36 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 37 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 38 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 39 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 40 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 41 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 42 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 43 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 44 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 45 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 46 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 47 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 48 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 49 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 50 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 51 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 52 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 53 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 54 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 55 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.5 |
|
|
| aliases |
CVE-2023-6484, GHSA-j628-q885-8gr5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-76xj-44n8-gfa4 |
|
| 20 |
| url |
VCID-7xus-anmm-9ba3 |
| vulnerability_id |
VCID-7xus-anmm-9ba3 |
| summary |
cross-site request forgery |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@12.0.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@12.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 7 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 8 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 9 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 10 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 11 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 12 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 13 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 14 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 15 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 16 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 17 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 18 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 19 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 20 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 21 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 22 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 23 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 24 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 25 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 26 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 27 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 28 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 29 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 30 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 31 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 32 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 33 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 34 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 35 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 36 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 37 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 38 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 39 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 40 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 41 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 42 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 43 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 44 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 45 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 46 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 47 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 48 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 49 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 50 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 51 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 52 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 53 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 54 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 55 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 56 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 57 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 58 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 59 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 60 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 61 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 62 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 63 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 64 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 65 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 66 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 67 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 68 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 69 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 70 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 71 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 72 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 73 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 74 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 75 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 76 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 77 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 78 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.2 |
|
|
| aliases |
CVE-2020-10770, GHSA-jh7q-5mwf-qvhw
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7xus-anmm-9ba3 |
|
| 21 |
| url |
VCID-82aq-wymj-ekby |
| vulnerability_id |
VCID-82aq-wymj-ekby |
| summary |
A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-4874, GHSA-22rm-wp4x-v5cx
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-82aq-wymj-ekby |
|
| 22 |
| url |
VCID-85r1-z7c6-6bcb |
| vulnerability_id |
VCID-85r1-z7c6-6bcb |
| summary |
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://github.com/keycloak/keycloak/issues/40446 |
| reference_id |
40446 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/ |
|
|
| url |
https://github.com/keycloak/keycloak/issues/40446 |
|
| 9 |
| reference_url |
https://github.com/keycloak/keycloak/pull/40520 |
| reference_id |
40520 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/ |
|
|
| url |
https://github.com/keycloak/keycloak/pull/40520 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2025-7365 |
| reference_id |
CVE-2025-7365 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2025-7365 |
|
| 13 |
|
| 14 |
| reference_url |
https://access.redhat.com/errata/RHSA-2025:11986 |
| reference_id |
RHSA-2025:11986 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2025:11986 |
|
| 15 |
| reference_url |
https://access.redhat.com/errata/RHSA-2025:11987 |
| reference_id |
RHSA-2025:11987 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2025:11987 |
|
| 16 |
| reference_url |
https://access.redhat.com/errata/RHSA-2025:12015 |
| reference_id |
RHSA-2025:12015 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2025:12015 |
|
| 17 |
| reference_url |
https://access.redhat.com/errata/RHSA-2025:12016 |
| reference_id |
RHSA-2025:12016 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2025:12016 |
|
| 18 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2378852 |
| reference_id |
show_bug.cgi?id=2378852 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2378852 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.1.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 2 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 3 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 4 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 5 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 6 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 7 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 8 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 9 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 10 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 11 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 12 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 13 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 14 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 15 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 16 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 17 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 18 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 19 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 20 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 21 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 22 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 23 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 24 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 25 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 26 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 27 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 28 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 29 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 30 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 31 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 32 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 33 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0 |
|
| 2 |
|
| 3 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.3.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 2 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 3 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 4 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 5 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 6 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 7 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 8 |
| vulnerability |
VCID-8txb-4xw8-aydm |
|
| 9 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 10 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 11 |
| vulnerability |
VCID-ec5w-983u-tbbz |
|
| 12 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 13 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 14 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 15 |
| vulnerability |
VCID-hdz7-3722-xfe6 |
|
| 16 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 17 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 18 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 19 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 20 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 21 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 22 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 23 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 24 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 25 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 26 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 27 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0 |
|
|
| aliases |
CVE-2025-7365, GHSA-xhpr-465j-7p9q
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-85r1-z7c6-6bcb |
|
| 23 |
| url |
VCID-8baa-m4rc-aqh5 |
| vulnerability_id |
VCID-8baa-m4rc-aqh5 |
| summary |
Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.
### Original Description
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.3.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 2 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 3 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 4 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 5 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 6 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 7 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 8 |
| vulnerability |
VCID-8txb-4xw8-aydm |
|
| 9 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 10 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 11 |
| vulnerability |
VCID-ec5w-983u-tbbz |
|
| 12 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 13 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 14 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 15 |
| vulnerability |
VCID-hdz7-3722-xfe6 |
|
| 16 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 17 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 18 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 19 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 20 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 21 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 22 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 23 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 24 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 25 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 26 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 27 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0 |
|
|
| aliases |
GHSA-gj52-35xm-gxjh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8baa-m4rc-aqh5 |
|
| 24 |
| url |
VCID-8fsf-kear-tyb2 |
| vulnerability_id |
VCID-8fsf-kear-tyb2 |
| summary |
A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before the JWT signature is validated. When a specially crafted JWT with an attacker-controlled `azp` value is processed, this value is reflected as the CORS origin, even if the grant is later rejected. This can lead to the exposure of low-sensitivity information from authorization server error responses, weakening origin isolation, but only when a target client is misconfigured with `webOrigins: ["*"]`. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-37977, GHSA-5v8v-xvjv-57x7
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8fsf-kear-tyb2 |
|
| 25 |
| url |
VCID-8ga9-uqff-rfdw |
| vulnerability_id |
VCID-8ga9-uqff-rfdw |
| summary |
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/keycloak/keycloak |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/keycloak/keycloak |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2024-1132 |
| reference_id |
CVE-2024-1132 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2024-1132 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1860 |
| reference_id |
RHSA-2024:1860 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1860 |
|
| 31 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1861 |
| reference_id |
RHSA-2024:1861 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1861 |
|
| 32 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1862 |
| reference_id |
RHSA-2024:1862 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1862 |
|
| 33 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1864 |
| reference_id |
RHSA-2024:1864 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1864 |
|
| 34 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1866 |
| reference_id |
RHSA-2024:1866 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1866 |
|
| 35 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1867 |
| reference_id |
RHSA-2024:1867 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1867 |
|
| 36 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1868 |
| reference_id |
RHSA-2024:1868 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1868 |
|
| 37 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:2945 |
| reference_id |
RHSA-2024:2945 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:2945 |
|
| 38 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:3752 |
| reference_id |
RHSA-2024:3752 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:3752 |
|
| 39 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:3762 |
| reference_id |
RHSA-2024:3762 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:3762 |
|
| 40 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:3919 |
| reference_id |
RHSA-2024:3919 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:3919 |
|
| 41 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:3989 |
| reference_id |
RHSA-2024:3989 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:3989 |
|
| 42 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2262117 |
| reference_id |
show_bug.cgi?id=2262117 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2262117 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 19 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 20 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 21 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 22 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 23 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 24 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 25 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 26 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 27 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 28 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 29 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 30 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 31 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 32 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 33 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 34 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 35 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 36 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 37 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 38 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 39 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 40 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 41 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 42 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 43 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 44 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 45 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3 |
|
|
| aliases |
CVE-2024-1132, GHSA-72vp-xfrc-42xm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8ga9-uqff-rfdw |
|
| 26 |
| url |
VCID-a6bx-hkuu-zkg4 |
| vulnerability_id |
VCID-a6bx-hkuu-zkg4 |
| summary |
When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read and write operations — because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-7500, GHSA-hm32-hfmw-rhvg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a6bx-hkuu-zkg4 |
|
| 27 |
| url |
VCID-any2-t2rb-f3bz |
| vulnerability_id |
VCID-any2-t2rb-f3bz |
| summary |
Duplicate Advisory: Keycloak has a brute force login protection bypass |
| references |
| 0 |
| reference_url |
https://github.com/keycloak/keycloak |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/keycloak/keycloak |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.4 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 19 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 20 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 21 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 22 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 23 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 24 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 25 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 26 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 27 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 28 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 29 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 30 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 31 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 32 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 33 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 34 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 35 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 36 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 37 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 38 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 39 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 40 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 41 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 42 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 43 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 44 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.4 |
|
|
| aliases |
GHSA-8wm9-24qg-m5qj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-any2-t2rb-f3bz |
|
| 28 |
| url |
VCID-b7ak-4hjc-xuhh |
| vulnerability_id |
VCID-b7ak-4hjc-xuhh |
| summary |
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.3.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 2 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 3 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 4 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 5 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 6 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 7 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 8 |
| vulnerability |
VCID-8txb-4xw8-aydm |
|
| 9 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 10 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 11 |
| vulnerability |
VCID-ec5w-983u-tbbz |
|
| 12 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 13 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 14 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 15 |
| vulnerability |
VCID-hdz7-3722-xfe6 |
|
| 16 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 17 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 18 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 19 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 20 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 21 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 22 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 23 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 24 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 25 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 26 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 27 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0 |
|
|
| aliases |
CVE-2025-14083, GHSA-594w-2fwp-jwrc
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b7ak-4hjc-xuhh |
|
| 29 |
| url |
VCID-b8bu-q83t-mqgu |
| vulnerability_id |
VCID-b8bu-q83t-mqgu |
| summary |
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.5 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 19 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 20 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 21 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 22 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 23 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 24 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 25 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 26 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 27 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 28 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 29 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 30 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 31 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 32 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 33 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 34 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 35 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 36 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 37 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 38 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 39 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 40 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 41 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5 |
|
|
| aliases |
CVE-2024-4540, GHSA-69fp-7c8p-crjr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b8bu-q83t-mqgu |
|
| 30 |
| url |
VCID-c2nr-hks8-4qg1 |
| vulnerability_id |
VCID-c2nr-hks8-4qg1 |
| summary |
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@20.0.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@20.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 10 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 11 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 12 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 13 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 14 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 15 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 16 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 17 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 18 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 19 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 20 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 21 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 22 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 23 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 24 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 25 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 26 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 27 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 28 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 29 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 30 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 31 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 32 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 33 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 34 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 35 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 36 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 37 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 38 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 39 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 40 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 41 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 42 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 43 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 44 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 45 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 46 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 47 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 48 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 49 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 50 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 51 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 52 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 53 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 54 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 55 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 56 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 57 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 58 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 59 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 60 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 61 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 62 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 63 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 64 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@20.0.2 |
|
|
| aliases |
CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c2nr-hks8-4qg1 |
|
| 31 |
| url |
VCID-cbrs-98sn-mqfq |
| vulnerability_id |
VCID-cbrs-98sn-mqfq |
| summary |
multiple issues |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@13.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@13.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 20 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 21 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 22 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 23 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 24 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 25 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 26 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 27 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 28 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 29 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 30 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 31 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 32 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 33 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 34 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 35 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 36 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 37 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 38 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 39 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 40 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 41 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 42 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 43 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 44 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 45 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 46 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 47 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 48 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 49 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 50 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 51 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 52 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 53 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 54 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 55 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 56 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 57 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 58 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 59 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 60 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 61 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 62 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 63 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 64 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 65 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 66 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 67 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 68 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 69 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 70 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 71 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 72 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0 |
|
|
| aliases |
CVE-2020-1725, GHSA-p225-pc2x-4jpm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cbrs-98sn-mqfq |
|
| 32 |
| url |
VCID-cmpj-geab-aqc4 |
| vulnerability_id |
VCID-cmpj-geab-aqc4 |
| summary |
A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2023-3597 |
| reference_id |
CVE-2023-3597 |
| reference_type |
|
| scores |
| 0 |
| value |
5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2023-3597 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1866 |
| reference_id |
RHSA-2024:1866 |
| reference_type |
|
| scores |
| 0 |
| value |
5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1866 |
|
| 12 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1867 |
| reference_id |
RHSA-2024:1867 |
| reference_type |
|
| scores |
| 0 |
| value |
5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1867 |
|
| 13 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1868 |
| reference_id |
RHSA-2024:1868 |
| reference_type |
|
| scores |
| 0 |
| value |
5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1868 |
|
| 14 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2221760 |
| reference_id |
show_bug.cgi?id=2221760 |
| reference_type |
|
| scores |
| 0 |
| value |
5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2221760 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 19 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 20 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 21 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 22 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 23 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 24 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 25 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 26 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 27 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 28 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 29 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 30 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 31 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 32 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 33 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 34 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 35 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 36 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 37 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 38 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 39 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 40 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 41 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 42 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 43 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 44 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 45 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3 |
|
|
| aliases |
CVE-2023-3597, GHSA-4f53-xh3v-g8x4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cmpj-geab-aqc4 |
|
| 33 |
| url |
VCID-czza-hz45-5ka6 |
| vulnerability_id |
VCID-czza-hz45-5ka6 |
| summary |
A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned resource. Consequently, the attacker gains unauthorized permissions to victim-owned resources, enabling them to obtain a Requesting Party Token (RPT) and access sensitive information or perform unauthorized actions. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-4636, GHSA-f2hx-5fx3-hmcv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-czza-hz45-5ka6 |
|
| 34 |
| url |
VCID-ecc8-b6za-vqds |
| vulnerability_id |
VCID-ecc8-b6za-vqds |
| summary |
A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-3190, GHSA-q35r-vvhv-vx5h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ecc8-b6za-vqds |
|
| 35 |
| url |
VCID-ejyg-88gf-sfbh |
| vulnerability_id |
VCID-ejyg-88gf-sfbh |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@20.0.5 |
| purl |
pkg:maven/org.keycloak/keycloak-services@20.0.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 10 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 11 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 12 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 13 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 14 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 15 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 16 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 17 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 18 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 19 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 20 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 21 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 22 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 23 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 24 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 25 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 26 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 27 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 28 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 29 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 30 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 31 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 32 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 33 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 34 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 35 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 36 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 37 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 38 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 39 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 40 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 41 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 42 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 43 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 44 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 45 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 46 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 47 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 48 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 49 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 50 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 51 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 52 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 53 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 54 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 55 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 56 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 57 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 58 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 59 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 60 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 61 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 62 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@20.0.5 |
|
|
| aliases |
CVE-2022-1274, GHSA-m4fv-gm5m-4725, GMS-2023-528
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ejyg-88gf-sfbh |
|
| 36 |
| url |
VCID-epvz-duxp-tyf7 |
| vulnerability_id |
VCID-epvz-duxp-tyf7 |
| summary |
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-3872, GHSA-cjm2-j6cm-6p6m
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-epvz-duxp-tyf7 |
|
| 37 |
| url |
VCID-f2m5-cwr1-ryc1 |
| vulnerability_id |
VCID-f2m5-cwr1-ryc1 |
| summary |
Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.
### Original Description
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.3.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 1 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 2 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 3 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 4 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 5 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 6 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 7 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 8 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 9 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 10 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 11 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 12 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 13 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 14 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 15 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 16 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 17 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 18 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 19 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 20 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 21 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3 |
|
|
| aliases |
GHSA-qj5r-2r5p-phc7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f2m5-cwr1-ryc1 |
|
| 38 |
| url |
VCID-feud-rr2t-tyfx |
| vulnerability_id |
VCID-feud-rr2t-tyfx |
| summary |
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.3.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 2 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 3 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 4 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 5 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 6 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 7 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 8 |
| vulnerability |
VCID-8txb-4xw8-aydm |
|
| 9 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 10 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 11 |
| vulnerability |
VCID-ec5w-983u-tbbz |
|
| 12 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 13 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 14 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 15 |
| vulnerability |
VCID-hdz7-3722-xfe6 |
|
| 16 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 17 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 18 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 19 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 20 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 21 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 22 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 23 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 24 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 25 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 26 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 27 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0 |
|
|
| aliases |
CVE-2026-1035, GHSA-m2w5-7xhv-w6fh
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-feud-rr2t-tyfx |
|
| 39 |
| url |
VCID-fmep-x7k1-37aj |
| vulnerability_id |
VCID-fmep-x7k1-37aj |
| summary |
multiple issues |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@13.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@13.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 20 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 21 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 22 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 23 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 24 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 25 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 26 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 27 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 28 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 29 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 30 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 31 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 32 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 33 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 34 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 35 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 36 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 37 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 38 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 39 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 40 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 41 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 42 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 43 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 44 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 45 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 46 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 47 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 48 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 49 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 50 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 51 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 52 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 53 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 54 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 55 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 56 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 57 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 58 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 59 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 60 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 61 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 62 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 63 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 64 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 65 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 66 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 67 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 68 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 69 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 70 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 71 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 72 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0 |
|
|
| aliases |
CVE-2020-14302
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fmep-x7k1-37aj |
|
| 40 |
| url |
VCID-fv39-cmv1-53bs |
| vulnerability_id |
VCID-fv39-cmv1-53bs |
| summary |
Keycloak is vulnerable to IDN homograph attack |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@18.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@18.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 10 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 11 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 12 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 13 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 14 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 15 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 16 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 17 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 18 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 19 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 20 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 21 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 22 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 23 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 24 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 25 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 26 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 27 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 28 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 29 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 30 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 31 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 32 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 33 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 34 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 35 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 36 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 37 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 38 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 39 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 40 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 41 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 42 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 43 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 44 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 45 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 46 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 47 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 48 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 49 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 50 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 51 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 52 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 53 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 54 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 55 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 56 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 57 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 58 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 59 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 60 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 61 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 62 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 63 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 64 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 65 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0 |
|
|
| aliases |
GHSA-mwm4-5qwr-g9pf, GMS-2022-1099
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fv39-cmv1-53bs |
|
| 41 |
| url |
VCID-gjsd-1tdx-yyff |
| vulnerability_id |
VCID-gjsd-1tdx-yyff |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@9.0.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@9.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 7 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 8 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 9 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 20 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 21 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 22 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 23 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 24 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 25 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 26 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 27 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 28 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 29 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 30 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 31 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 32 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 33 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 34 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 35 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 36 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 37 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 38 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 39 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 40 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 41 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 42 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 43 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 44 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 45 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 46 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 47 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 48 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 49 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 50 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 51 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 52 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 53 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 54 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 55 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 56 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 57 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 58 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 59 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 60 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 61 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 62 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 63 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 64 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 65 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 66 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 67 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 68 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 69 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 70 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 71 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 72 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 73 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 74 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 75 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 76 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 77 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 78 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 79 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 80 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 81 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
| 82 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2 |
|
|
| aliases |
CVE-2020-1727
|
| risk_score |
2.9 |
| exploitability |
0.5 |
| weighted_severity |
5.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gjsd-1tdx-yyff |
|
| 42 |
| url |
VCID-h6ky-xtx2-augv |
| vulnerability_id |
VCID-h6ky-xtx2-augv |
| summary |
Cross-site Scripting in keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@12.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@12.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 7 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 8 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 9 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 10 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 11 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 12 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 13 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 14 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 15 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 16 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 17 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 18 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 19 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 20 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 21 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 22 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 23 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 24 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 25 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 26 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 27 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 28 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 29 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 30 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 31 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 32 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 33 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 34 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 35 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 36 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 37 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 38 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 39 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 40 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 41 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 42 |
| vulnerability |
VCID-gxku-5esb-1qct |
|
| 43 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 44 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 45 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 46 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 47 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 48 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 49 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 50 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 51 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 52 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 53 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 54 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 55 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 56 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 57 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 58 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 59 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 60 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 61 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 62 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 63 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 64 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 65 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 66 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 67 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 68 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 69 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 70 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 71 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 72 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 73 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 74 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 75 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 76 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 77 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 78 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 79 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 80 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0 |
|
|
| aliases |
CVE-2020-10776, GHSA-484q-784p-8m5h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h6ky-xtx2-augv |
|
| 43 |
| url |
VCID-hx5h-m1z3-tfaj |
| vulnerability_id |
VCID-hx5h-m1z3-tfaj |
| summary |
Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.5 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 19 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 20 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 21 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 22 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 23 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 24 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 25 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 26 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 27 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 28 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 29 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 30 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 31 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 32 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 33 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 34 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 35 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 36 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 37 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 38 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 39 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 40 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 41 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5 |
|
|
| aliases |
GHSA-4vrx-8phj-x3mg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hx5h-m1z3-tfaj |
|
| 44 |
| url |
VCID-j73m-qf3g-dqdp |
| vulnerability_id |
VCID-j73m-qf3g-dqdp |
| summary |
Keycloak vulnerable to privilege escalation on Token Exchange feature |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@18.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@18.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 10 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 11 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 12 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 13 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 14 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 15 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 16 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 17 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 18 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 19 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 20 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 21 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 22 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 23 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 24 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 25 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 26 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 27 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 28 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 29 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 30 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 31 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 32 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 33 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 34 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 35 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 36 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 37 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 38 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 39 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 40 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 41 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 42 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 43 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 44 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 45 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 46 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 47 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 48 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 49 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 50 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 51 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 52 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 53 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 54 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 55 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 56 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 57 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 58 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 59 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 60 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 61 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 62 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 63 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 64 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 65 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0 |
|
|
| aliases |
CVE-2022-1245, GHSA-75p6-52g3-rqc8, GMS-2022-1039
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j73m-qf3g-dqdp |
|
| 45 |
| url |
VCID-kdwj-wspq-1ket |
| vulnerability_id |
VCID-kdwj-wspq-1ket |
| summary |
Keycloak has Files or Directories Accessible to External Parties |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@15.1.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@15.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 20 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 21 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 22 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 23 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 24 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 25 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 26 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 27 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 28 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 29 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 30 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 31 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 32 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 33 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 34 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 35 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 36 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 37 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 38 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 39 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 40 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 41 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 42 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 43 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 44 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 45 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 46 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 47 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 48 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 49 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 50 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 51 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 52 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 53 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 54 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 55 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 56 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 57 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 58 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 59 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 60 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 61 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 62 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 63 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 64 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 65 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 66 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 67 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 68 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 69 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 70 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.0 |
|
|
| aliases |
CVE-2021-3856, GHSA-3w4v-rvc4-2xpw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kdwj-wspq-1ket |
|
| 46 |
| url |
VCID-kyss-1ab7-77ef |
| vulnerability_id |
VCID-kyss-1ab7-77ef |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@13.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@13.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 20 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 21 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 22 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 23 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 24 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 25 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 26 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 27 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 28 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 29 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 30 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 31 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 32 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 33 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 34 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 35 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 36 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 37 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 38 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 39 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 40 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 41 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 42 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 43 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 44 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 45 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 46 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 47 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 48 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 49 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 50 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 51 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 52 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 53 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 54 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 55 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 56 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 57 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 58 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 59 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 60 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 61 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 62 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 63 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 64 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 65 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 66 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 67 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 68 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 69 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 70 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 71 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 72 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0 |
|
|
| aliases |
CVE-2021-3513, GHSA-xv7h-95r7-595j
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kyss-1ab7-77ef |
|
| 47 |
| url |
VCID-mhqj-fy58-6fd6 |
| vulnerability_id |
VCID-mhqj-fy58-6fd6 |
| summary |
A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.4.4 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 1 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 2 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 3 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 4 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 5 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 6 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 7 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 8 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 9 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 10 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 11 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 12 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 13 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 14 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 15 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 16 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 17 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 18 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 19 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 20 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4 |
|
|
| aliases |
CVE-2025-12150, GHSA-7g5x-9c4v-4w5r
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mhqj-fy58-6fd6 |
|
| 48 |
| url |
VCID-put6-zqp1-dkhj |
| vulnerability_id |
VCID-put6-zqp1-dkhj |
| summary |
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-3911, GHSA-xh32-c9wx-phrp
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-put6-zqp1-dkhj |
|
| 49 |
| url |
VCID-pvrr-mmx8-4kg6 |
| vulnerability_id |
VCID-pvrr-mmx8-4kg6 |
| summary |
Cross-site Scripting in Keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@17.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@17.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 10 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 11 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 12 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 13 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 14 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 15 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 16 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 17 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 18 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 19 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 20 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 21 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 22 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 23 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 24 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 25 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 26 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 27 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 28 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 29 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 30 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 31 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 32 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 33 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 34 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 35 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 36 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 37 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 38 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 39 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 40 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 41 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 42 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 43 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 44 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 45 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 46 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 47 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 48 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 49 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 50 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 51 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 52 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 53 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 54 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 55 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 56 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 57 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 58 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 59 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 60 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 61 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 62 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 63 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 64 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 65 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 66 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 67 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 68 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@17.0.0 |
|
|
| aliases |
CVE-2021-20323, GHSA-xpgc-j48j-jwv9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pvrr-mmx8-4kg6 |
|
| 50 |
| url |
VCID-r4g2-4531-buaw |
| vulnerability_id |
VCID-r4g2-4531-buaw |
| summary |
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://github.com/advisories/GHSA-2cww-fgmg-4jqc |
| reference_id |
GHSA-2cww-fgmg-4jqc |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
HIGH |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/ |
|
|
| url |
https://github.com/advisories/GHSA-2cww-fgmg-4jqc |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.5 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 19 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 20 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 21 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 22 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 23 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 24 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 25 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 26 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 27 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 28 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 29 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 30 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 31 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 32 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 33 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 34 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 35 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 36 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 37 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 38 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 39 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 40 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 41 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5 |
|
|
| aliases |
CVE-2024-3656, GHSA-2cww-fgmg-4jqc
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r4g2-4531-buaw |
|
| 51 |
| url |
VCID-rpxq-j9uk-2bek |
| vulnerability_id |
VCID-rpxq-j9uk-2bek |
| summary |
A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 19 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 20 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 21 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 22 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 23 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 24 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 25 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 26 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 27 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 28 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 29 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 30 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 31 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 32 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 33 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 34 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 35 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 36 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 37 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 38 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 39 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 40 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 41 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 42 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 43 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 44 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 45 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3 |
|
|
| aliases |
CVE-2024-2419, GHSA-mrv8-pqfj-7gp5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rpxq-j9uk-2bek |
|
| 52 |
| url |
VCID-rvcz-9csv-gfb4 |
| vulnerability_id |
VCID-rvcz-9csv-gfb4 |
| summary |
directory traversal |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@12.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@12.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 7 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 8 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 9 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 10 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 11 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 12 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 13 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 14 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 15 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 16 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 17 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 18 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 19 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 20 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 21 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 22 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 23 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 24 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 25 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 26 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 27 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 28 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 29 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 30 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 31 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 32 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 33 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 34 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 35 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 36 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 37 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 38 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 39 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 40 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 41 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 42 |
| vulnerability |
VCID-gxku-5esb-1qct |
|
| 43 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 44 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 45 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 46 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 47 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 48 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 49 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 50 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 51 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 52 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 53 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 54 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 55 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 56 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 57 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 58 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 59 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 60 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 61 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 62 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 63 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 64 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 65 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 66 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 67 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 68 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 69 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 70 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 71 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 72 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 73 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 74 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 75 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 76 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 77 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 78 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 79 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 80 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0 |
|
|
| aliases |
CVE-2020-14366, GHSA-cp67-8w3w-6h9c
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rvcz-9csv-gfb4 |
|
| 53 |
| url |
VCID-sbyx-da8j-mqfx |
| vulnerability_id |
VCID-sbyx-da8j-mqfx |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@12.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@12.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 7 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 8 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 9 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 10 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 11 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 12 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 13 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 14 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 15 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 16 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 17 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 18 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 19 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 20 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 21 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 22 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 23 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 24 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 25 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 26 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 27 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 28 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 29 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 30 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 31 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 32 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 33 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 34 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 35 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 36 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 37 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 38 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 39 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 40 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 41 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 42 |
| vulnerability |
VCID-gxku-5esb-1qct |
|
| 43 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 44 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 45 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 46 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 47 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 48 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 49 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 50 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 51 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 52 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 53 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 54 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 55 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 56 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 57 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 58 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 59 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 60 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 61 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 62 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 63 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 64 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 65 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 66 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 67 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 68 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 69 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 70 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 71 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 72 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 73 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 74 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 75 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 76 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 77 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 78 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 79 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 80 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@12.0.0 |
|
|
| aliases |
CVE-2020-14389, GHSA-c9x9-xv66-xp3v
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sbyx-da8j-mqfx |
|
| 54 |
| url |
VCID-shne-12fw-xfbw |
| vulnerability_id |
VCID-shne-12fw-xfbw |
| summary |
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-2603, GHSA-x4p7-7chp-64hq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-shne-12fw-xfbw |
|
| 55 |
| url |
VCID-szvd-anh6-sbeh |
| vulnerability_id |
VCID-szvd-anh6-sbeh |
| summary |
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2151618 |
| reference_id |
show_bug.cgi?id=2151618 |
| reference_type |
|
| scores |
| 0 |
| value |
10 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
10.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-12T19:43:33Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2151618 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@21.1.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@21.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 8 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 9 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 10 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 11 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 12 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 13 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 14 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 15 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 16 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 17 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 18 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 19 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 20 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 21 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 22 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 23 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 24 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 25 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 26 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 27 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 28 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 29 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 30 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 31 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 32 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 33 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 34 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 35 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 36 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 37 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 38 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 39 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 40 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 41 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 42 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 43 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 44 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 45 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 46 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 47 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 48 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 49 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 50 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 51 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 52 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 53 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 54 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 55 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 56 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 57 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 58 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 59 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2 |
|
|
| aliases |
CVE-2022-4361, GHSA-3p62-6fjh-3p5h
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-szvd-anh6-sbeh |
|
| 56 |
| url |
VCID-tazu-5mqv-vfaq |
| vulnerability_id |
VCID-tazu-5mqv-vfaq |
| summary |
Duplicate Advisory: Keycloak hostname verification
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. This link is maintained to preserve external references.
# Original Description
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.2.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 2 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 3 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 4 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 5 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 6 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 7 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 8 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 9 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 10 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 11 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 12 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 13 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 14 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 15 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 16 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 17 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 18 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 19 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 20 |
| vulnerability |
VCID-sa2j-p1w2-ebgj |
|
| 21 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 22 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 23 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 24 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 25 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 26 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 27 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 28 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 29 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 30 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2 |
|
|
| aliases |
GHSA-r934-w73g-v4p8
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tazu-5mqv-vfaq |
|
| 57 |
| url |
VCID-thtq-yz7t-7kea |
| vulnerability_id |
VCID-thtq-yz7t-7kea |
| summary |
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-4282, GHSA-hj93-h7pg-fh6v
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-thtq-yz7t-7kea |
|
| 58 |
| url |
VCID-tjyr-75f3-d7ff |
| vulnerability_id |
VCID-tjyr-75f3-d7ff |
| summary |
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-3429, GHSA-8g9r-9wjw-37j4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tjyr-75f3-d7ff |
|
| 59 |
| url |
VCID-tukn-mvay-tyb8 |
| vulnerability_id |
VCID-tukn-mvay-tyb8 |
| summary |
A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 8 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 9 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 10 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 11 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 12 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 13 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 14 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 15 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 16 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 17 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 18 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 19 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 20 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 21 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 22 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 23 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 24 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 25 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 26 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 27 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 28 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 29 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 30 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 31 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 32 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 33 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 34 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 35 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 36 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 37 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 38 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 39 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 40 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 41 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 42 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 43 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 44 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 45 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 46 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 47 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 48 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 49 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 50 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 51 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 52 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 53 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 54 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.0 |
|
|
| aliases |
CVE-2024-1722, GHSA-cq42-vhv7-xr7p
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tukn-mvay-tyb8 |
|
| 60 |
| url |
VCID-tyy7-1dkf-uufg |
| vulnerability_id |
VCID-tyy7-1dkf-uufg |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@19.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@19.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 10 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 11 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 12 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 13 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 14 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 15 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 16 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 17 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 18 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 19 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 20 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 21 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 22 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 23 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 24 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 25 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 26 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 27 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 28 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 29 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 30 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 31 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 32 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 33 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 34 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 35 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 36 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 37 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 38 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 39 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 40 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 41 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 42 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 43 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 44 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 45 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 46 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 47 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 48 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 49 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 50 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 51 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 52 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 53 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 54 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 55 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 56 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 57 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 58 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 59 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 60 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 61 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 62 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 63 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 64 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@19.0.0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@21.0.1 |
| purl |
pkg:maven/org.keycloak/keycloak-services@21.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 10 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 11 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 12 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 13 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 14 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 15 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 16 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 17 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 18 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 19 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 20 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 21 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 22 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 23 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 24 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 25 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 26 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 27 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 28 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 29 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 30 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 31 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 32 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 33 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 34 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 35 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 36 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 37 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 38 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 39 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 40 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 41 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 42 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 43 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 44 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 45 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 46 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 47 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 48 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 49 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 50 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 51 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 52 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 53 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 54 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 55 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 56 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 57 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 58 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 59 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 60 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 61 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 62 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.0.1 |
|
|
| aliases |
CVE-2023-0264, GHSA-9g98-5mj6-f9mv, GMS-2023-573
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tyy7-1dkf-uufg |
|
| 61 |
| url |
VCID-u1aa-s9ru-w3gf |
| vulnerability_id |
VCID-u1aa-s9ru-w3gf |
| summary |
Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.
### Original Description
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.3.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 2 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 3 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 4 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 5 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 6 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 7 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 8 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 9 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 10 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 11 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 12 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 13 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 14 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 15 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 16 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 17 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 18 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 19 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 20 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 21 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 22 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 23 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2 |
|
|
| aliases |
GHSA-83j7-mhw9-388w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u1aa-s9ru-w3gf |
|
| 62 |
| url |
VCID-u2cc-wm39-4qax |
| vulnerability_id |
VCID-u2cc-wm39-4qax |
| summary |
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.2.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 2 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 3 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 4 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 5 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 6 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 7 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 8 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 9 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 10 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 11 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 12 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 13 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 14 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 15 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 16 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 17 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 18 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 19 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 20 |
| vulnerability |
VCID-sa2j-p1w2-ebgj |
|
| 21 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 22 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 23 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 24 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 25 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 26 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 27 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 28 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 29 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 30 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2 |
|
|
| aliases |
CVE-2025-3501, GHSA-hw58-3793-42gg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u2cc-wm39-4qax |
|
| 63 |
| url |
VCID-u9df-phf1-83gr |
| vulnerability_id |
VCID-u9df-phf1-83gr |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@15.1.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@15.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 20 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 21 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 22 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 23 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 24 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 25 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 26 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 27 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 28 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 29 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 30 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 31 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 32 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 33 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 34 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 35 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 36 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 37 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 38 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 39 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 40 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 41 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 42 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 43 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 44 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 45 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 46 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 47 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 48 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 49 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 50 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 51 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 52 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 53 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 54 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 55 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 56 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 57 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 58 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 59 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 60 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 61 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 62 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 63 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 64 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 65 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 66 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 67 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 68 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 69 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 70 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@15.1.0 |
|
|
| aliases |
CVE-2021-3632, GHSA-qpq9-jpv4-6gwr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u9df-phf1-83gr |
|
| 64 |
| url |
VCID-uaxm-zx64-jbas |
| vulnerability_id |
VCID-uaxm-zx64-jbas |
| summary |
A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 19 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 20 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 21 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 22 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 23 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 24 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 25 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 26 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 27 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 28 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 29 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 30 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 31 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 32 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 33 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 34 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 35 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 36 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 37 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 38 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 39 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 40 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 41 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 42 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 43 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 44 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 45 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3 |
|
|
| aliases |
CVE-2023-6544, GHSA-46c8-635v-68r2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uaxm-zx64-jbas |
|
| 65 |
| url |
VCID-ubx3-wzt9-p3fc |
| vulnerability_id |
VCID-ubx3-wzt9-p3fc |
| summary |
Keycloak Authentication Error |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@4.4.0.Final |
| purl |
pkg:maven/org.keycloak/keycloak-services@4.4.0.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 7 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 8 |
| vulnerability |
VCID-49ev-wsaa-4bbn |
|
| 9 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 10 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 11 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 12 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 13 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 14 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 15 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 16 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 17 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 18 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 19 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 20 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 21 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 22 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 23 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 24 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 25 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 26 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 27 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 28 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 29 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 30 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 31 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 32 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 33 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 34 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 35 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 36 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 37 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 38 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 39 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 40 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 41 |
| vulnerability |
VCID-gjsd-1tdx-yyff |
|
| 42 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 43 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 44 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 45 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 46 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 47 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 48 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 49 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 50 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 51 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 52 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 53 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 54 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 55 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 56 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 57 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 58 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 59 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 60 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 61 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 62 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 63 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 64 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 65 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 66 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 67 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 68 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 69 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 70 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 71 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 72 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 73 |
| vulnerability |
VCID-w5wa-m47v-7fhy |
|
| 74 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 75 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 76 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 77 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 78 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 79 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 80 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 81 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 82 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 83 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
| 84 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@4.4.0.Final |
|
|
| aliases |
CVE-2018-10894, GHSA-xvv8-8wh9-9fh2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ubx3-wzt9-p3fc |
|
| 66 |
| url |
VCID-udt9-gs91-8qgw |
| vulnerability_id |
VCID-udt9-gs91-8qgw |
| summary |
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 19 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 20 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 21 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 22 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 23 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 24 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 25 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 26 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 27 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 28 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 29 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 30 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 31 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 32 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 33 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 34 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 35 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 36 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 37 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 38 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 39 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 40 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 41 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 42 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 43 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 44 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 45 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3 |
|
|
| aliases |
CVE-2024-1249, GHSA-m6q9-p373-g5q8
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-udt9-gs91-8qgw |
|
| 67 |
| url |
VCID-ugt9-3hnt-jkea |
| vulnerability_id |
VCID-ugt9-3hnt-jkea |
| summary |
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references.
## Original Description
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.0.6 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 2 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 3 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 4 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 5 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 6 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 7 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 8 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 9 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 10 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 11 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 12 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 13 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 14 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 15 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 16 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 17 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 18 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 19 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 20 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 21 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 22 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 23 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 24 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 25 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 26 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 27 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 28 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 29 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 30 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 31 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 32 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 33 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 34 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6 |
|
|
| aliases |
GHSA-j3x3-r585-4qhg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ugt9-3hnt-jkea |
|
| 68 |
| url |
VCID-utd3-fu1x-augq |
| vulnerability_id |
VCID-utd3-fu1x-augq |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@23.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@23.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 8 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 9 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 10 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 11 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 12 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 13 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 14 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 15 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 16 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 17 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 18 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 19 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 20 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 21 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 22 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 23 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 24 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 25 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 26 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 27 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 28 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 29 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 30 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 31 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 32 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 33 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 34 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 35 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 36 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 37 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 38 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 39 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 40 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 41 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 42 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 43 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 44 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 45 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 46 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 47 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 48 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 49 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 50 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 51 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 52 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 53 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 54 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 55 |
| vulnerability |
VCID-xca5-697n-wkav |
|
| 56 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 57 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 58 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@23.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@23.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 8 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 9 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 10 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 11 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 12 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 13 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 14 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 15 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 16 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 17 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 18 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 19 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 20 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 21 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 22 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 23 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 24 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 25 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 26 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 27 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 28 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 29 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 30 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 31 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 32 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 33 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 34 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 35 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 36 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 37 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 38 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 39 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 40 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 41 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 42 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 43 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 44 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 45 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 46 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 47 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 48 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 49 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 50 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 51 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 52 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 53 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 54 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 55 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 56 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3 |
|
|
| aliases |
CVE-2023-6134, GHSA-cvg2-7c3j-g36j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-utd3-fu1x-augq |
|
| 69 |
| url |
VCID-uuj4-raj8-fqhp |
| vulnerability_id |
VCID-uuj4-raj8-fqhp |
| summary |
Duplicate Advisory: Keycloak Open Redirect vulnerability |
| references |
| 0 |
| reference_url |
https://github.com/keycloak/keycloak |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
7.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/keycloak/keycloak |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@25.0.6 |
| purl |
pkg:maven/org.keycloak/keycloak-services@25.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 2 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 3 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 4 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 5 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 6 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 7 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 8 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 9 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 10 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 11 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 12 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 13 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 14 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 15 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 16 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 17 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 18 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 19 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 20 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 21 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 22 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 23 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 24 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 25 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 26 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 27 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 28 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 29 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 30 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 31 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 32 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 33 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 34 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 35 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 36 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 37 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6 |
|
|
| aliases |
GHSA-vvf8-2h68-9475
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uuj4-raj8-fqhp |
|
| 70 |
| url |
VCID-uuxm-2f48-3qa5 |
| vulnerability_id |
VCID-uuxm-2f48-3qa5 |
| summary |
A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-4628, GHSA-4pgc-gfrr-wcmg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uuxm-2f48-3qa5 |
|
| 71 |
| url |
VCID-vcjc-hgjb-dqhs |
| vulnerability_id |
VCID-vcjc-hgjb-dqhs |
| summary |
A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-4634, GHSA-h4wv-g838-66g3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vcjc-hgjb-dqhs |
|
| 72 |
| url |
VCID-vrhh-6fx6-zqbw |
| vulnerability_id |
VCID-vrhh-6fx6-zqbw |
| summary |
A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.5.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.5.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 1 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 2 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 3 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 4 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 5 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 6 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 7 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 8 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 9 |
| vulnerability |
VCID-ec5w-983u-tbbz |
|
| 10 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 11 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 12 |
| vulnerability |
VCID-hdz7-3722-xfe6 |
|
| 13 |
| vulnerability |
VCID-mdys-vw33-uqa1 |
|
| 14 |
| vulnerability |
VCID-p11z-217w-r3d3 |
|
| 15 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 16 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 17 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 18 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 19 |
| vulnerability |
VCID-ttpj-h8z5-tfgw |
|
| 20 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 21 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 22 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 23 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 24 |
| vulnerability |
VCID-yfgh-e1hw-1ff7 |
|
| 25 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0 |
|
|
| aliases |
CVE-2025-14082, GHSA-6q37-7866-h27j
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vrhh-6fx6-zqbw |
|
| 73 |
| url |
VCID-vse8-rcsa-8bg9 |
| vulnerability_id |
VCID-vse8-rcsa-8bg9 |
| summary |
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@23.0.1 |
| purl |
pkg:maven/org.keycloak/keycloak-services@23.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 8 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 9 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 10 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 11 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 12 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 13 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 14 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 15 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 16 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 17 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 18 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 19 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 20 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 21 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 22 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 23 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 24 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 25 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 26 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 27 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 28 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 29 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 30 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 31 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 32 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 33 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 34 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 35 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 36 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 37 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 38 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 39 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 40 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 41 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 42 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 43 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 44 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 45 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 46 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 47 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 48 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 49 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 50 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 51 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 52 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 53 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 54 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 55 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 56 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.1 |
|
|
| aliases |
CVE-2022-2232, GHSA-8hc5-rmgf-qx6p
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vse8-rcsa-8bg9 |
|
| 74 |
| url |
VCID-w5wa-m47v-7fhy |
| vulnerability_id |
VCID-w5wa-m47v-7fhy |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@9.0.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@9.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 7 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 8 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 9 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 20 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 21 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 22 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 23 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 24 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 25 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 26 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 27 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 28 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 29 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 30 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 31 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 32 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 33 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 34 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 35 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 36 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 37 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 38 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 39 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 40 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 41 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 42 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 43 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 44 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 45 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 46 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 47 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 48 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 49 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 50 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 51 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 52 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 53 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 54 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 55 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 56 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 57 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 58 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 59 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 60 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 61 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 62 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 63 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 64 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 65 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 66 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 67 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 68 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 69 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 70 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 71 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 72 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 73 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 74 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 75 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 76 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 77 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 78 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 79 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 80 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 81 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
| 82 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@9.0.2 |
|
|
| aliases |
CVE-2020-1744, GHSA-4gf2-xv97-63m2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w5wa-m47v-7fhy |
|
| 75 |
| url |
VCID-wfeg-6241-cucs |
| vulnerability_id |
VCID-wfeg-6241-cucs |
| summary |
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@23.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@23.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 8 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 9 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 10 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 11 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 12 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 13 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 14 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 15 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 16 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 17 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 18 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 19 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 20 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 21 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 22 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 23 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 24 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 25 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 26 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 27 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 28 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 29 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 30 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 31 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 32 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 33 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 34 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 35 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 36 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 37 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 38 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 39 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 40 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 41 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 42 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 43 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 44 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 45 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 46 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 47 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 48 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 49 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 50 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 51 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 52 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 53 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 54 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 55 |
| vulnerability |
VCID-xca5-697n-wkav |
|
| 56 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 57 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 58 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@23.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@23.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 8 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 9 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 10 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 11 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 12 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 13 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 14 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 15 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 16 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 17 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 18 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 19 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 20 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 21 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 22 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 23 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 24 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 25 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 26 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 27 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 28 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 29 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 30 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 31 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 32 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 33 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 34 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 35 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 36 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 37 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 38 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 39 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 40 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 41 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 42 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 43 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 44 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 45 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 46 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 47 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 48 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 49 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 50 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 51 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 52 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 53 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 54 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 55 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 56 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@23.0.3 |
|
|
| aliases |
CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wfeg-6241-cucs |
|
| 76 |
| url |
VCID-wrdw-sj1s-bqbd |
| vulnerability_id |
VCID-wrdw-sj1s-bqbd |
| summary |
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.2.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 2 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 3 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 4 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 5 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 6 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 7 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 8 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 9 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 10 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 11 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 12 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 13 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 14 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 15 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 16 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 17 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 18 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 19 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 20 |
| vulnerability |
VCID-sa2j-p1w2-ebgj |
|
| 21 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 22 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 23 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 24 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 25 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 26 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 27 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 28 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 29 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 30 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2 |
|
|
| aliases |
CVE-2025-3910, GHSA-5jfq-x6xp-7rw2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wrdw-sj1s-bqbd |
|
| 77 |
| url |
VCID-wsdh-ap2m-5uat |
| vulnerability_id |
VCID-wsdh-ap2m-5uat |
| summary |
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-4325, GHSA-rx66-hj7g-28h7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wsdh-ap2m-5uat |
|
| 78 |
| url |
VCID-wwh9-7awg-h7g6 |
| vulnerability_id |
VCID-wwh9-7awg-h7g6 |
| summary |
A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-2575, GHSA-xv6h-r36f-3gp5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wwh9-7awg-h7g6 |
|
| 79 |
| url |
VCID-xg94-29ff-3bcy |
| vulnerability_id |
VCID-xg94-29ff-3bcy |
| summary |
multiple issues |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@18.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@18.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 10 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 11 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 12 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 13 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 14 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 15 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 16 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 17 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 18 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 19 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 20 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 21 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 22 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 23 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 24 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 25 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 26 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 27 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 28 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 29 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 30 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 31 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 32 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 33 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 34 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 35 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 36 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 37 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 38 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 39 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 40 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 41 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 42 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 43 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 44 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 45 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 46 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 47 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 48 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 49 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 50 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 51 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 52 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 53 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 54 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 55 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 56 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 57 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 58 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 59 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 60 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 61 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 62 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 63 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 64 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 65 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@18.0.0 |
|
|
| aliases |
CVE-2021-3424, GHSA-pf38-cw3p-22q9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xg94-29ff-3bcy |
|
| 80 |
| url |
VCID-xwcc-yenj-mfd3 |
| vulnerability_id |
VCID-xwcc-yenj-mfd3 |
| summary |
A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@24.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 19 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 20 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 21 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 22 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 23 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 24 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 25 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 26 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 27 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 28 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 29 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 30 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 31 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 32 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 33 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 34 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 35 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 36 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 37 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 38 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 39 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 40 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 41 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 42 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 43 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 44 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 45 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3 |
|
|
| aliases |
CVE-2023-6787, GHSA-c9h6-v78w-52wj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xwcc-yenj-mfd3 |
|
| 81 |
| url |
VCID-ybqw-pak9-jkc4 |
| vulnerability_id |
VCID-ybqw-pak9-jkc4 |
| summary |
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2023-2422 |
| reference_id |
CVE-2023-2422 |
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2023-2422 |
|
| 12 |
|
| 13 |
| reference_url |
https://access.redhat.com/errata/RHSA-2023:3883 |
| reference_id |
RHSA-2023:3883 |
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2023:3883 |
|
| 14 |
| reference_url |
https://access.redhat.com/errata/RHSA-2023:3884 |
| reference_id |
RHSA-2023:3884 |
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2023:3884 |
|
| 15 |
| reference_url |
https://access.redhat.com/errata/RHSA-2023:3885 |
| reference_id |
RHSA-2023:3885 |
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2023:3885 |
|
| 16 |
| reference_url |
https://access.redhat.com/errata/RHSA-2023:3888 |
| reference_id |
RHSA-2023:3888 |
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2023:3888 |
|
| 17 |
| reference_url |
https://access.redhat.com/errata/RHSA-2023:3892 |
| reference_id |
RHSA-2023:3892 |
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2023:3892 |
|
| 18 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2191668 |
| reference_id |
show_bug.cgi?id=2191668 |
| reference_type |
|
| scores |
| 0 |
| value |
5.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T18:15:34Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2191668 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@21.1.2 |
| purl |
pkg:maven/org.keycloak/keycloak-services@21.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 3 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 4 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 5 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 6 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 7 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 8 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 9 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 10 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 11 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 12 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 13 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 14 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 15 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 16 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 17 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 18 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 19 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 20 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 21 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 22 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 23 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 24 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 25 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 26 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 27 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 28 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 29 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 30 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 31 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 32 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 33 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 34 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 35 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 36 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 37 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 38 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 39 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 40 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 41 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 42 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 43 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 44 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 45 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 46 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 47 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 48 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 49 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 50 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 51 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 52 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 53 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 54 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 55 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 56 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 57 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 58 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 59 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@21.1.2 |
|
|
| aliases |
CVE-2023-2422, GHSA-3qh5-qqj2-c78f
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ybqw-pak9-jkc4 |
|
| 82 |
| url |
VCID-yy3c-aejz-1kdv |
| vulnerability_id |
VCID-yy3c-aejz-1kdv |
| summary |
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/keycloak/keycloak |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/keycloak/keycloak |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2024-4629 |
| reference_id |
CVE-2024-4629 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2024-4629 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6493 |
| reference_id |
RHSA-2024:6493 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6493 |
|
| 22 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6494 |
| reference_id |
RHSA-2024:6494 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6494 |
|
| 23 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6495 |
| reference_id |
RHSA-2024:6495 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6495 |
|
| 24 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6497 |
| reference_id |
RHSA-2024:6497 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6497 |
|
| 25 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6499 |
| reference_id |
RHSA-2024:6499 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6499 |
|
| 26 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6500 |
| reference_id |
RHSA-2024:6500 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6500 |
|
| 27 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6501 |
| reference_id |
RHSA-2024:6501 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6501 |
|
| 28 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2276761 |
| reference_id |
show_bug.cgi?id=2276761 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2276761 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:maven/org.keycloak/keycloak-services@25.0.4 |
| purl |
pkg:maven/org.keycloak/keycloak-services@25.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 2 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 3 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 4 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 5 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 6 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 7 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 8 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 9 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 10 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 11 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 12 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 13 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 14 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 15 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 16 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 17 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 18 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 19 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 20 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 21 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 22 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 23 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 24 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 25 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 26 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 27 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 28 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 29 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 30 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 31 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 32 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 33 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 34 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 35 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 36 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 37 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 38 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 39 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 40 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.4 |
|
|
| aliases |
CVE-2024-4629, GHSA-gc7q-jgjv-vjr2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yy3c-aejz-1kdv |
|
| 83 |
| url |
VCID-z8cr-qt2v-rkgn |
| vulnerability_id |
VCID-z8cr-qt2v-rkgn |
| summary |
multiple issues |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@13.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@13.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 7 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 8 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 9 |
| vulnerability |
VCID-4twr-q814-p7as |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 20 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 21 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 22 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 23 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 24 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 25 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 26 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 27 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 28 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 29 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 30 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 31 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 32 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 33 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 34 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 35 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 36 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 37 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 38 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 39 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 40 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 41 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 42 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 43 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 44 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 45 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 46 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 47 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 48 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 49 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 50 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 51 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 52 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 53 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 54 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 55 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 56 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 57 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 58 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 59 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 60 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 61 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 62 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 63 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 64 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 65 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 66 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 67 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 68 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 69 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 70 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 71 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 72 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@13.0.0 |
|
|
| aliases |
CVE-2020-27838, GHSA-pcv5-m2wh-66j3
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z8cr-qt2v-rkgn |
|
| 84 |
| url |
VCID-zjcz-6z84-6ub3 |
| vulnerability_id |
VCID-zjcz-6z84-6ub3 |
| summary |
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@26.5.3 |
| purl |
pkg:maven/org.keycloak/keycloak-services@26.5.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 1 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 2 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 3 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 4 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 5 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 6 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 7 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 8 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 9 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 10 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 11 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 12 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 13 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 14 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 15 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 16 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 17 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 18 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3 |
|
|
| aliases |
CVE-2026-1190, GHSA-63v5-26vq-m4vm
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zjcz-6z84-6ub3 |
|
| 85 |
| url |
VCID-ztxp-j5gt-4qdb |
| vulnerability_id |
VCID-ztxp-j5gt-4qdb |
| summary |
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-services@10.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-services@10.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1j4m-w46h-zkhq |
|
| 1 |
| vulnerability |
VCID-1mxe-pmc8-63aw |
|
| 2 |
| vulnerability |
VCID-1z6p-w7um-2kbf |
|
| 3 |
| vulnerability |
VCID-32db-rsf2-h7hm |
|
| 4 |
| vulnerability |
VCID-38vg-nb6g-3kg8 |
|
| 5 |
| vulnerability |
VCID-39yc-g31q-u7gt |
|
| 6 |
| vulnerability |
VCID-3mcs-n479-zydu |
|
| 7 |
| vulnerability |
VCID-42w4-65kp-f7dy |
|
| 8 |
| vulnerability |
VCID-4b67-9tus-s7ds |
|
| 9 |
| vulnerability |
VCID-4taw-3r2y-eud6 |
|
| 10 |
| vulnerability |
VCID-4uf3-t2q9-5fcp |
|
| 11 |
| vulnerability |
VCID-4y2p-6e9v-ufh7 |
|
| 12 |
| vulnerability |
VCID-5cfv-kzxe-3qg4 |
|
| 13 |
| vulnerability |
VCID-5gut-s9z6-u3gs |
|
| 14 |
| vulnerability |
VCID-6fwf-utem-8bgx |
|
| 15 |
| vulnerability |
VCID-6j4h-u22h-cubz |
|
| 16 |
| vulnerability |
VCID-6t42-926q-3bhd |
|
| 17 |
| vulnerability |
VCID-6vfq-3vub-zbdc |
|
| 18 |
| vulnerability |
VCID-76xj-44n8-gfa4 |
|
| 19 |
| vulnerability |
VCID-7xus-anmm-9ba3 |
|
| 20 |
| vulnerability |
VCID-82aq-wymj-ekby |
|
| 21 |
| vulnerability |
VCID-85r1-z7c6-6bcb |
|
| 22 |
| vulnerability |
VCID-8baa-m4rc-aqh5 |
|
| 23 |
| vulnerability |
VCID-8fsf-kear-tyb2 |
|
| 24 |
| vulnerability |
VCID-8ga9-uqff-rfdw |
|
| 25 |
| vulnerability |
VCID-a6bx-hkuu-zkg4 |
|
| 26 |
| vulnerability |
VCID-any2-t2rb-f3bz |
|
| 27 |
| vulnerability |
VCID-b7ak-4hjc-xuhh |
|
| 28 |
| vulnerability |
VCID-b8bu-q83t-mqgu |
|
| 29 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 30 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 31 |
| vulnerability |
VCID-cmpj-geab-aqc4 |
|
| 32 |
| vulnerability |
VCID-czza-hz45-5ka6 |
|
| 33 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 34 |
| vulnerability |
VCID-ecc8-b6za-vqds |
|
| 35 |
| vulnerability |
VCID-ejyg-88gf-sfbh |
|
| 36 |
| vulnerability |
VCID-epvz-duxp-tyf7 |
|
| 37 |
| vulnerability |
VCID-f2m5-cwr1-ryc1 |
|
| 38 |
| vulnerability |
VCID-feud-rr2t-tyfx |
|
| 39 |
| vulnerability |
VCID-fmep-x7k1-37aj |
|
| 40 |
| vulnerability |
VCID-fv39-cmv1-53bs |
|
| 41 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 42 |
| vulnerability |
VCID-hx5h-m1z3-tfaj |
|
| 43 |
| vulnerability |
VCID-j73m-qf3g-dqdp |
|
| 44 |
| vulnerability |
VCID-kdwj-wspq-1ket |
|
| 45 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 46 |
| vulnerability |
VCID-mhqj-fy58-6fd6 |
|
| 47 |
| vulnerability |
VCID-put6-zqp1-dkhj |
|
| 48 |
| vulnerability |
VCID-pvrr-mmx8-4kg6 |
|
| 49 |
| vulnerability |
VCID-r4g2-4531-buaw |
|
| 50 |
| vulnerability |
VCID-rpxq-j9uk-2bek |
|
| 51 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 52 |
| vulnerability |
VCID-sbyx-da8j-mqfx |
|
| 53 |
| vulnerability |
VCID-shne-12fw-xfbw |
|
| 54 |
| vulnerability |
VCID-szvd-anh6-sbeh |
|
| 55 |
| vulnerability |
VCID-tazu-5mqv-vfaq |
|
| 56 |
| vulnerability |
VCID-thtq-yz7t-7kea |
|
| 57 |
| vulnerability |
VCID-tjyr-75f3-d7ff |
|
| 58 |
| vulnerability |
VCID-tukn-mvay-tyb8 |
|
| 59 |
| vulnerability |
VCID-tyy7-1dkf-uufg |
|
| 60 |
| vulnerability |
VCID-u1aa-s9ru-w3gf |
|
| 61 |
| vulnerability |
VCID-u2cc-wm39-4qax |
|
| 62 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 63 |
| vulnerability |
VCID-uaxm-zx64-jbas |
|
| 64 |
| vulnerability |
VCID-udt9-gs91-8qgw |
|
| 65 |
| vulnerability |
VCID-ugt9-3hnt-jkea |
|
| 66 |
| vulnerability |
VCID-utd3-fu1x-augq |
|
| 67 |
| vulnerability |
VCID-uuj4-raj8-fqhp |
|
| 68 |
| vulnerability |
VCID-uuxm-2f48-3qa5 |
|
| 69 |
| vulnerability |
VCID-vcjc-hgjb-dqhs |
|
| 70 |
| vulnerability |
VCID-vrhh-6fx6-zqbw |
|
| 71 |
| vulnerability |
VCID-vse8-rcsa-8bg9 |
|
| 72 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 73 |
| vulnerability |
VCID-wrdw-sj1s-bqbd |
|
| 74 |
| vulnerability |
VCID-wsdh-ap2m-5uat |
|
| 75 |
| vulnerability |
VCID-wwh9-7awg-h7g6 |
|
| 76 |
| vulnerability |
VCID-xg94-29ff-3bcy |
|
| 77 |
| vulnerability |
VCID-xwcc-yenj-mfd3 |
|
| 78 |
| vulnerability |
VCID-ybqw-pak9-jkc4 |
|
| 79 |
| vulnerability |
VCID-yy3c-aejz-1kdv |
|
| 80 |
| vulnerability |
VCID-z8cr-qt2v-rkgn |
|
| 81 |
| vulnerability |
VCID-zjcz-6z84-6ub3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@10.0.0 |
|
|
| aliases |
CVE-2020-1758, GHSA-c597-f74m-jgc2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ztxp-j5gt-4qdb |
|