Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-core@15.0.1
Typemaven
Namespaceorg.keycloak
Namekeycloak-core
Version15.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version26.1.3
Latest_non_vulnerable_version26.1.3
Affected_by_vulnerabilities
0
url VCID-3jtq-par5-tuax
vulnerability_id VCID-3jtq-par5-tuax
summary A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4028.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4028.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4028
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42754
published_at 2026-06-14T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42583
published_at 2026-06-11T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42745
published_at 2026-06-12T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42764
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4028
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4028
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-4028
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
6
reference_url https://access.redhat.com/security/cve/CVE-2024-4028
reference_id CVE-2024-4028
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T18:38:24Z/
url https://access.redhat.com/security/cve/CVE-2024-4028
7
reference_url https://github.com/advisories/GHSA-q4xq-445g-g6ch
reference_id GHSA-q4xq-445g-g6ch
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q4xq-445g-g6ch
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2276418
reference_id show_bug.cgi?id=2276418
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T18:38:24Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2276418
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@26.1.3
purl pkg:maven/org.keycloak/keycloak-core@26.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@26.1.3
aliases CVE-2024-4028, GHSA-q4xq-445g-g6ch
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3jtq-par5-tuax
1
url VCID-b99p-3rqx-v7b4
vulnerability_id VCID-b99p-3rqx-v7b4
summary keycloak-core: mTLS passthrough
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-10039
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27588
published_at 2026-06-14T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27578
published_at 2026-06-12T12:55:00Z
2
value 0.00101
scoring_system epss
scoring_elements 0.27603
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-10039
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/35217
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/35217
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319217
reference_id 2319217
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2319217
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10039
reference_id CVE-2024-10039
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-10039
7
reference_url https://github.com/advisories/GHSA-93ww-43rr-79v3
reference_id GHSA-93ww-43rr-79v3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93ww-43rr-79v3
8
reference_url https://access.redhat.com/errata/RHSA-2024:10175
reference_id RHSA-2024:10175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10175
9
reference_url https://access.redhat.com/errata/RHSA-2024:10176
reference_id RHSA-2024:10176
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10176
10
reference_url https://access.redhat.com/errata/RHSA-2024:10177
reference_id RHSA-2024:10177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10177
11
reference_url https://access.redhat.com/errata/RHSA-2024:10178
reference_id RHSA-2024:10178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10178
12
reference_url https://access.redhat.com/errata/RHSA-2025:11645
reference_id RHSA-2025:11645
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11645
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@26.0.6
purl pkg:maven/org.keycloak/keycloak-core@26.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@26.0.6
aliases CVE-2024-10039, GHSA-93ww-43rr-79v3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b99p-3rqx-v7b4
2
url VCID-bvmd-z1hf-5yef
vulnerability_id VCID-bvmd-z1hf-5yef
summary Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://access.redhat.com/security/cve/CVE-2024-7318
reference_id CVE-2024-7318
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2024-7318
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
reference_id CVE-2024-7318
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
3
reference_url https://github.com/advisories/GHSA-57rh-gr4v-j5f6
reference_id GHSA-57rh-gr4v-j5f6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57rh-gr4v-j5f6
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.7
purl pkg:maven/org.keycloak/keycloak-core@24.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7
1
url pkg:maven/org.keycloak/keycloak-core@25.0.0
purl pkg:maven/org.keycloak/keycloak-core@25.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-sg1r-gdub-fba1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.0
aliases GHSA-57rh-gr4v-j5f6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvmd-z1hf-5yef
3
url VCID-c2nr-hks8-4qg1
vulnerability_id VCID-c2nr-hks8-4qg1
summary A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45709
published_at 2026-06-14T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45567
published_at 2026-06-11T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45714
published_at 2026-06-12T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45723
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
11
reference_url https://access.redhat.com/security/cve/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/security/cve/CVE-2022-3916
12
reference_url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
13
reference_url https://access.redhat.com/errata/RHSA-2022:8961
reference_id RHSA-2022:8961
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8961
14
reference_url https://access.redhat.com/errata/RHSA-2022:8962
reference_id RHSA-2022:8962
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8962
15
reference_url https://access.redhat.com/errata/RHSA-2022:8963
reference_id RHSA-2022:8963
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8963
16
reference_url https://access.redhat.com/errata/RHSA-2022:8964
reference_id RHSA-2022:8964
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8964
17
reference_url https://access.redhat.com/errata/RHSA-2022:8965
reference_id RHSA-2022:8965
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8965
18
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id RHSA-2023:1043
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1043
19
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id RHSA-2023:1044
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1044
20
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id RHSA-2023:1045
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1045
21
reference_url https://access.redhat.com/errata/RHSA-2023:1047
reference_id RHSA-2023:1047
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1047
22
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id RHSA-2023:1049
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1049
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
reference_id show_bug.cgi?id=2141404
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.2
purl pkg:maven/org.keycloak/keycloak-core@20.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-ejyg-88gf-sfbh
4
vulnerability VCID-m7ec-ad95-87aa
5
vulnerability VCID-sg1r-gdub-fba1
6
vulnerability VCID-srz9-395b-tkhj
7
vulnerability VCID-utd3-fu1x-augq
8
vulnerability VCID-wfeg-6241-cucs
9
vulnerability VCID-yb4r-xbbq-47en
10
vulnerability VCID-z5qm-jh27-skdr
11
vulnerability VCID-zha3-5yra-sfae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.2
aliases CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2nr-hks8-4qg1
4
url VCID-czc3-kxs3-yfdt
vulnerability_id VCID-czc3-kxs3-yfdt
summary Keycloak XSS via use of malicious payload as group name when creating new group from admin console
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0225
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.6682
published_at 2026-06-11T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66927
published_at 2026-06-14T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.66913
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0225
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2040268
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2040268
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0225
reference_id CVE-2022-0225
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0225
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
reference_id GHSA-755v-r4x4-qf7m
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
6
reference_url https://github.com/advisories/GHSA-fqc7-5xxc-ph7r
reference_id GHSA-fqc7-5xxc-ph7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fqc7-5xxc-ph7r
7
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
8
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
9
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
10
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
11
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
12
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
13
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@16.1.1
purl pkg:maven/org.keycloak/keycloak-core@16.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-c2nr-hks8-4qg1
4
vulnerability VCID-ejyg-88gf-sfbh
5
vulnerability VCID-m7ec-ad95-87aa
6
vulnerability VCID-pvrr-mmx8-4kg6
7
vulnerability VCID-q1jj-f5rg-57b1
8
vulnerability VCID-sg1r-gdub-fba1
9
vulnerability VCID-utd3-fu1x-augq
10
vulnerability VCID-wfeg-6241-cucs
11
vulnerability VCID-yb4r-xbbq-47en
12
vulnerability VCID-ymg3-rjrx-pkan
13
vulnerability VCID-z5qm-jh27-skdr
14
vulnerability VCID-zha3-5yra-sfae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@16.1.1
aliases CVE-2022-0225, GHSA-fqc7-5xxc-ph7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-czc3-kxs3-yfdt
5
url VCID-ejyg-88gf-sfbh
vulnerability_id VCID-ejyg-88gf-sfbh
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1274
reference_id
reference_type
scores
0
value 0.00993
scoring_system epss
scoring_elements 0.77334
published_at 2026-06-11T12:55:00Z
1
value 0.00993
scoring_system epss
scoring_elements 0.77404
published_at 2026-06-12T12:55:00Z
2
value 0.00993
scoring_system epss
scoring_elements 0.7742
published_at 2026-06-13T12:55:00Z
3
value 0.00993
scoring_system epss
scoring_elements 0.77411
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1274
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
4
reference_url https://github.com/keycloak/keycloak/pull/16764
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/16764
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
6
reference_url https://herolab.usd.de/security-advisories/usd-2021-0033
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://herolab.usd.de/security-advisories/usd-2021-0033
7
reference_url https://herolab.usd.de/security-advisories/usd-2021-0033/
reference_id
reference_type
scores
url https://herolab.usd.de/security-advisories/usd-2021-0033/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1274
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1274
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2073157
reference_id 2073157
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2073157
10
reference_url https://github.com/advisories/GHSA-m4fv-gm5m-4725
reference_id GHSA-m4fv-gm5m-4725
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4fv-gm5m-4725
11
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id RHSA-2023:1043
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1043
12
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id RHSA-2023:1044
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1044
13
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id RHSA-2023:1045
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1045
14
reference_url https://access.redhat.com/errata/RHSA-2023:1047
reference_id RHSA-2023:1047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1047
15
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id RHSA-2023:1049
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1049
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.5
purl pkg:maven/org.keycloak/keycloak-core@20.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-m7ec-ad95-87aa
4
vulnerability VCID-sg1r-gdub-fba1
5
vulnerability VCID-utd3-fu1x-augq
6
vulnerability VCID-wfeg-6241-cucs
7
vulnerability VCID-yb4r-xbbq-47en
8
vulnerability VCID-z5qm-jh27-skdr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.5
aliases CVE-2022-1274, GHSA-m4fv-gm5m-4725, GMS-2023-528
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejyg-88gf-sfbh
6
url VCID-kdwj-wspq-1ket
vulnerability_id VCID-kdwj-wspq-1ket
summary Keycloak has Files or Directories Accessible to External Parties
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3856
reference_id
reference_type
scores
0
value 0.00364
scoring_system epss
scoring_elements 0.58953
published_at 2026-06-14T12:55:00Z
1
value 0.00364
scoring_system epss
scoring_elements 0.58963
published_at 2026-06-13T12:55:00Z
2
value 0.00364
scoring_system epss
scoring_elements 0.58952
published_at 2026-06-12T12:55:00Z
3
value 0.00364
scoring_system epss
scoring_elements 0.5884
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3856
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2010164
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2010164
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743
5
reference_url https://github.com/keycloak/keycloak/pull/8588
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/8588
6
reference_url https://issues.redhat.com/browse/KEYCLOAK-19422
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-19422
7
reference_url https://access.redhat.com/security/cve/CVE-2021-3856
reference_id CVE-2021-3856
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3856
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3856
reference_id CVE-2021-3856
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3856
9
reference_url https://github.com/advisories/GHSA-3w4v-rvc4-2xpw
reference_id GHSA-3w4v-rvc4-2xpw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3w4v-rvc4-2xpw
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@15.1.0
purl pkg:maven/org.keycloak/keycloak-core@15.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-c2nr-hks8-4qg1
4
vulnerability VCID-czc3-kxs3-yfdt
5
vulnerability VCID-ejyg-88gf-sfbh
6
vulnerability VCID-m7ec-ad95-87aa
7
vulnerability VCID-pvrr-mmx8-4kg6
8
vulnerability VCID-q1jj-f5rg-57b1
9
vulnerability VCID-sg1r-gdub-fba1
10
vulnerability VCID-utd3-fu1x-augq
11
vulnerability VCID-wfeg-6241-cucs
12
vulnerability VCID-yb4r-xbbq-47en
13
vulnerability VCID-ymg3-rjrx-pkan
14
vulnerability VCID-z5qm-jh27-skdr
15
vulnerability VCID-zha3-5yra-sfae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@15.1.0
aliases CVE-2021-3856, GHSA-3w4v-rvc4-2xpw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdwj-wspq-1ket
7
url VCID-m7ec-ad95-87aa
vulnerability_id VCID-m7ec-ad95-87aa
summary 
An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.

Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7260.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7260.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7260
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.51885
published_at 2026-06-14T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.51758
published_at 2026-06-11T12:55:00Z
2
value 0.0028
scoring_system epss
scoring_elements 0.51888
published_at 2026-06-12T12:55:00Z
3
value 0.0028
scoring_system epss
scoring_elements 0.519
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7260
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
reference_id cpe:/a:redhat:build_keycloak:24
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
reference_id cpe:/a:redhat:build_keycloak:24::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
5
reference_url https://access.redhat.com/security/cve/CVE-2024-7260
reference_id CVE-2024-7260
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://access.redhat.com/security/cve/CVE-2024-7260
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7260
reference_id CVE-2024-7260
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7260
7
reference_url https://github.com/advisories/GHSA-g4gc-rh26-m3p5
reference_id GHSA-g4gc-rh26-m3p5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4gc-rh26-m3p5
8
reference_url https://access.redhat.com/errata/RHSA-2024:6502
reference_id RHSA-2024:6502
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://access.redhat.com/errata/RHSA-2024:6502
9
reference_url https://access.redhat.com/errata/RHSA-2024:6503
reference_id RHSA-2024:6503
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://access.redhat.com/errata/RHSA-2024:6503
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2301875
reference_id show_bug.cgi?id=2301875
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2301875
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.7
purl pkg:maven/org.keycloak/keycloak-core@24.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7
1
url pkg:maven/org.keycloak/keycloak-core@25.0.0
purl pkg:maven/org.keycloak/keycloak-core@25.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-sg1r-gdub-fba1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.0
aliases CVE-2024-7260, GHSA-g4gc-rh26-m3p5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7ec-ad95-87aa
8
url VCID-pvrr-mmx8-4kg6
vulnerability_id VCID-pvrr-mmx8-4kg6
summary Cross-site Scripting in Keycloak
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20323.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20323
reference_id
reference_type
scores
0
value 0.66054
scoring_system epss
scoring_elements 0.98539
published_at 2026-06-11T12:55:00Z
1
value 0.66054
scoring_system epss
scoring_elements 0.98543
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20323
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2013577
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2013577
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20323
reference_id CVE-2021-20323
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20323
5
reference_url https://github.com/advisories/GHSA-xpgc-j48j-jwv9
reference_id GHSA-xpgc-j48j-jwv9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpgc-j48j-jwv9
6
reference_url https://access.redhat.com/errata/RHSA-2022:0407
reference_id RHSA-2022:0407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0407
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@17.0.0
purl pkg:maven/org.keycloak/keycloak-core@17.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-c2nr-hks8-4qg1
4
vulnerability VCID-ejyg-88gf-sfbh
5
vulnerability VCID-m7ec-ad95-87aa
6
vulnerability VCID-q1jj-f5rg-57b1
7
vulnerability VCID-sg1r-gdub-fba1
8
vulnerability VCID-utd3-fu1x-augq
9
vulnerability VCID-wfeg-6241-cucs
10
vulnerability VCID-yb4r-xbbq-47en
11
vulnerability VCID-ymg3-rjrx-pkan
12
vulnerability VCID-z5qm-jh27-skdr
13
vulnerability VCID-zha3-5yra-sfae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@17.0.0
aliases CVE-2021-20323, GHSA-xpgc-j48j-jwv9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvrr-mmx8-4kg6
9
url VCID-q1jj-f5rg-57b1
vulnerability_id VCID-q1jj-f5rg-57b1
summary Improper authorization in Keycloak
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1466
reference_id
reference_type
scores
0
value 0.00158
scoring_system epss
scoring_elements 0.364
published_at 2026-06-11T12:55:00Z
1
value 0.00158
scoring_system epss
scoring_elements 0.36594
published_at 2026-06-14T12:55:00Z
2
value 0.00158
scoring_system epss
scoring_elements 0.36605
published_at 2026-06-13T12:55:00Z
3
value 0.00158
scoring_system epss
scoring_elements 0.3658
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1466
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2050228
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2050228
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
5
reference_url https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1466
reference_id CVE-2022-1466
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1466
7
reference_url https://github.com/advisories/GHSA-f32v-vf79-p29q
reference_id GHSA-f32v-vf79-p29q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f32v-vf79-p29q
8
reference_url https://access.redhat.com/errata/RHSA-2022:0449
reference_id RHSA-2022:0449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0449
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@17.0.1
purl pkg:maven/org.keycloak/keycloak-core@17.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-c2nr-hks8-4qg1
4
vulnerability VCID-ejyg-88gf-sfbh
5
vulnerability VCID-m7ec-ad95-87aa
6
vulnerability VCID-sg1r-gdub-fba1
7
vulnerability VCID-utd3-fu1x-augq
8
vulnerability VCID-wfeg-6241-cucs
9
vulnerability VCID-yb4r-xbbq-47en
10
vulnerability VCID-ymg3-rjrx-pkan
11
vulnerability VCID-z5qm-jh27-skdr
12
vulnerability VCID-zha3-5yra-sfae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@17.0.1
aliases CVE-2022-1466, GHSA-f32v-vf79-p29q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q1jj-f5rg-57b1
10
url VCID-sg1r-gdub-fba1
vulnerability_id VCID-sg1r-gdub-fba1
summary 
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.
A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7318.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7318.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7318
reference_id
reference_type
scores
0
value 0.00938
scoring_system epss
scoring_elements 0.76729
published_at 2026-06-14T12:55:00Z
1
value 0.00938
scoring_system epss
scoring_elements 0.76651
published_at 2026-06-11T12:55:00Z
2
value 0.00938
scoring_system epss
scoring_elements 0.7672
published_at 2026-06-12T12:55:00Z
3
value 0.00938
scoring_system epss
scoring_elements 0.76734
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7318
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
reference_id cpe:/a:redhat:build_keycloak:24
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
reference_id cpe:/a:redhat:build_keycloak:24::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
5
reference_url https://access.redhat.com/security/cve/CVE-2024-7318
reference_id CVE-2024-7318
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://access.redhat.com/security/cve/CVE-2024-7318
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
reference_id CVE-2024-7318
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7318
7
reference_url https://github.com/advisories/GHSA-xmmm-jw76-q7vg
reference_id GHSA-xmmm-jw76-q7vg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmmm-jw76-q7vg
8
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-xmmm-jw76-q7vg
reference_id GHSA-xmmm-jw76-q7vg
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-xmmm-jw76-q7vg
9
reference_url https://access.redhat.com/errata/RHSA-2024:6502
reference_id RHSA-2024:6502
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://access.redhat.com/errata/RHSA-2024:6502
10
reference_url https://access.redhat.com/errata/RHSA-2024:6503
reference_id RHSA-2024:6503
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://access.redhat.com/errata/RHSA-2024:6503
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2301876
reference_id show_bug.cgi?id=2301876
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2301876
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.7
purl pkg:maven/org.keycloak/keycloak-core@24.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7
1
url pkg:maven/org.keycloak/keycloak-core@25.0.4
purl pkg:maven/org.keycloak/keycloak-core@25.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.4
aliases CVE-2024-7318, GHSA-xmmm-jw76-q7vg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg1r-gdub-fba1
11
url VCID-u9df-phf1-83gr
vulnerability_id VCID-u9df-phf1-83gr
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
reference_id
reference_type
scores
0
value 0.00503
scoring_system epss
scoring_elements 0.66537
published_at 2026-06-11T12:55:00Z
1
value 0.00503
scoring_system epss
scoring_elements 0.66641
published_at 2026-06-14T12:55:00Z
2
value 0.00503
scoring_system epss
scoring_elements 0.66643
published_at 2026-06-13T12:55:00Z
3
value 0.00503
scoring_system epss
scoring_elements 0.66629
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
5
reference_url https://github.com/keycloak/keycloak/pull/8203
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/8203
6
reference_url https://issues.redhat.com/browse/KEYCLOAK-18500
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-18500
7
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
8
reference_url https://access.redhat.com/security/cve/CVE-2021-3632
reference_id CVE-2021-3632
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3632
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
reference_id CVE-2021-3632
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
10
reference_url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
reference_id GHSA-qpq9-jpv4-6gwr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
11
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
12
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
13
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
14
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@15.1.0
purl pkg:maven/org.keycloak/keycloak-core@15.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-c2nr-hks8-4qg1
4
vulnerability VCID-czc3-kxs3-yfdt
5
vulnerability VCID-ejyg-88gf-sfbh
6
vulnerability VCID-m7ec-ad95-87aa
7
vulnerability VCID-pvrr-mmx8-4kg6
8
vulnerability VCID-q1jj-f5rg-57b1
9
vulnerability VCID-sg1r-gdub-fba1
10
vulnerability VCID-utd3-fu1x-augq
11
vulnerability VCID-wfeg-6241-cucs
12
vulnerability VCID-yb4r-xbbq-47en
13
vulnerability VCID-ymg3-rjrx-pkan
14
vulnerability VCID-z5qm-jh27-skdr
15
vulnerability VCID-zha3-5yra-sfae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@15.1.0
aliases CVE-2021-3632, GHSA-qpq9-jpv4-6gwr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9df-phf1-83gr
12
url VCID-utd3-fu1x-augq
vulnerability_id VCID-utd3-fu1x-augq
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-6134
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-6134
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6134
reference_id
reference_type
scores
0
value 0.02468
scoring_system epss
scoring_elements 0.85643
published_at 2026-06-14T12:55:00Z
1
value 0.02468
scoring_system epss
scoring_elements 0.85641
published_at 2026-06-12T12:55:00Z
2
value 0.02468
scoring_system epss
scoring_elements 0.8565
published_at 2026-06-13T12:55:00Z
3
value 0.02468
scoring_system epss
scoring_elements 0.85589
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6134
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6134
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6134
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2249673
reference_id 2249673
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2249673
8
reference_url https://github.com/advisories/GHSA-cvg2-7c3j-g36j
reference_id GHSA-cvg2-7c3j-g36j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cvg2-7c3j-g36j
9
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id RHSA-2023:7854
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7854
10
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id RHSA-2023:7855
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7855
11
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id RHSA-2023:7856
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7856
12
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id RHSA-2023:7857
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7857
13
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id RHSA-2023:7858
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7858
14
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id RHSA-2023:7860
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7860
15
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id RHSA-2023:7861
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7861
16
reference_url https://access.redhat.com/errata/RHSA-2024:0798
reference_id RHSA-2024:0798
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0798
17
reference_url https://access.redhat.com/errata/RHSA-2024:0799
reference_id RHSA-2024:0799
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0799
18
reference_url https://access.redhat.com/errata/RHSA-2024:0800
reference_id RHSA-2024:0800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0800
19
reference_url https://access.redhat.com/errata/RHSA-2024:0801
reference_id RHSA-2024:0801
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0801
20
reference_url https://access.redhat.com/errata/RHSA-2024:0804
reference_id RHSA-2024:0804
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0804
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@23.0.0
purl pkg:maven/org.keycloak/keycloak-core@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-m7ec-ad95-87aa
4
vulnerability VCID-sg1r-gdub-fba1
5
vulnerability VCID-yb4r-xbbq-47en
6
vulnerability VCID-z5qm-jh27-skdr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0
aliases CVE-2023-6134, GHSA-cvg2-7c3j-g36j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utd3-fu1x-augq
13
url VCID-wfeg-6241-cucs
vulnerability_id VCID-wfeg-6241-cucs
summary A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39684
published_at 2026-06-14T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39694
published_at 2026-06-13T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39499
published_at 2026-06-11T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.3967
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id cpe:/a:redhat:build_keycloak:22
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id cpe:/a:redhat:serverless:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
23
reference_url https://access.redhat.com/security/cve/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/security/cve/CVE-2023-6291
24
reference_url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
25
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id RHSA-2023:7854
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7854
26
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id RHSA-2023:7855
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7855
27
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id RHSA-2023:7856
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7856
28
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id RHSA-2023:7857
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7857
29
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id RHSA-2023:7858
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7858
30
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id RHSA-2023:7860
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7860
31
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id RHSA-2023:7861
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7861
32
reference_url https://access.redhat.com/errata/RHSA-2024:0798
reference_id RHSA-2024:0798
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2024:0798
33
reference_url https://access.redhat.com/errata/RHSA-2024:0799
reference_id RHSA-2024:0799
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2024:0799
34
reference_url https://access.redhat.com/errata/RHSA-2024:0800
reference_id RHSA-2024:0800
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2024:0800
35
reference_url https://access.redhat.com/errata/RHSA-2024:0801
reference_id RHSA-2024:0801
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2024:0801
36
reference_url https://access.redhat.com/errata/RHSA-2024:0804
reference_id RHSA-2024:0804
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2024:0804
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
reference_id show_bug.cgi?id=2251407
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@23.0.0
purl pkg:maven/org.keycloak/keycloak-core@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-m7ec-ad95-87aa
4
vulnerability VCID-sg1r-gdub-fba1
5
vulnerability VCID-yb4r-xbbq-47en
6
vulnerability VCID-z5qm-jh27-skdr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0
aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfeg-6241-cucs
14
url VCID-yb4r-xbbq-47en
vulnerability_id VCID-yb4r-xbbq-47en
summary keycloak-core: open redirect via "form_post.jwt" JARM response mode
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:0097
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0097
1
reference_url https://access.redhat.com/errata/RHSA-2024:0098
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0098
2
reference_url https://access.redhat.com/errata/RHSA-2024:0100
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0100
3
reference_url https://access.redhat.com/errata/RHSA-2024:0101
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0101
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6927
reference_id
reference_type
scores
0
value 0.00838
scoring_system epss
scoring_elements 0.75203
published_at 2026-06-14T12:55:00Z
1
value 0.00838
scoring_system epss
scoring_elements 0.75123
published_at 2026-06-11T12:55:00Z
2
value 0.00838
scoring_system epss
scoring_elements 0.75194
published_at 2026-06-12T12:55:00Z
3
value 0.00838
scoring_system epss
scoring_elements 0.75207
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6927
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2255027
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2255027
7
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
8
reference_url https://access.redhat.com/security/cve/CVE-2023-6927
reference_id CVE-2023-6927
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-6927
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6927
reference_id CVE-2023-6927
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6927
10
reference_url https://github.com/advisories/GHSA-9vm7-v8wj-3fqw
reference_id GHSA-9vm7-v8wj-3fqw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vm7-v8wj-3fqw
11
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw
reference_id GHSA-9vm7-v8wj-3fqw
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw
12
reference_url https://access.redhat.com/errata/RHSA-2024:0094
reference_id RHSA-2024:0094
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0094
13
reference_url https://access.redhat.com/errata/RHSA-2024:0095
reference_id RHSA-2024:0095
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0095
14
reference_url https://access.redhat.com/errata/RHSA-2024:0096
reference_id RHSA-2024:0096
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:0096
15
reference_url https://access.redhat.com/errata/RHSA-2024:0798
reference_id RHSA-2024:0798
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0798
16
reference_url https://access.redhat.com/errata/RHSA-2024:0799
reference_id RHSA-2024:0799
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0799
17
reference_url https://access.redhat.com/errata/RHSA-2024:0800
reference_id RHSA-2024:0800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0800
18
reference_url https://access.redhat.com/errata/RHSA-2024:0801
reference_id RHSA-2024:0801
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0801
19
reference_url https://access.redhat.com/errata/RHSA-2024:0804
reference_id RHSA-2024:0804
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0804
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@23.0.4
purl pkg:maven/org.keycloak/keycloak-core@23.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-m7ec-ad95-87aa
4
vulnerability VCID-sg1r-gdub-fba1
5
vulnerability VCID-z5qm-jh27-skdr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.4
aliases CVE-2023-6927, GHSA-9vm7-v8wj-3fqw, GMS-2024-51
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yb4r-xbbq-47en
15
url VCID-ymg3-rjrx-pkan
vulnerability_id VCID-ymg3-rjrx-pkan
summary Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://github.com/advisories/GHSA-755v-r4x4-qf7m
reference_id GHSA-755v-r4x4-qf7m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-755v-r4x4-qf7m
2
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
reference_id GHSA-755v-r4x4-qf7m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.0
purl pkg:maven/org.keycloak/keycloak-core@20.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-c2nr-hks8-4qg1
4
vulnerability VCID-ejyg-88gf-sfbh
5
vulnerability VCID-m7ec-ad95-87aa
6
vulnerability VCID-sg1r-gdub-fba1
7
vulnerability VCID-utd3-fu1x-augq
8
vulnerability VCID-wfeg-6241-cucs
9
vulnerability VCID-yb4r-xbbq-47en
10
vulnerability VCID-z5qm-jh27-skdr
11
vulnerability VCID-zha3-5yra-sfae
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.0
aliases GHSA-755v-r4x4-qf7m, GMS-2022-7509
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ymg3-rjrx-pkan
16
url VCID-z5qm-jh27-skdr
vulnerability_id VCID-z5qm-jh27-skdr
summary A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6841
reference_id
reference_type
scores
0
value 0.00613
scoring_system epss
scoring_elements 0.70445
published_at 2026-06-14T12:55:00Z
1
value 0.00613
scoring_system epss
scoring_elements 0.70343
published_at 2026-06-11T12:55:00Z
2
value 0.00613
scoring_system epss
scoring_elements 0.70433
published_at 2026-06-12T12:55:00Z
3
value 0.00613
scoring_system epss
scoring_elements 0.70447
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6841
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/32837
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/32837
4
reference_url https://github.com/keycloak/keycloak/releases/tag/24.0.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/24.0.0
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:mobile_application_platform:4
reference_id cpe:/a:redhat:mobile_application_platform:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:mobile_application_platform:4
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
10
reference_url https://access.redhat.com/security/cve/CVE-2023-6841
reference_id CVE-2023-6841
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/
url https://access.redhat.com/security/cve/CVE-2023-6841
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6841
reference_id CVE-2023-6841
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6841
12
reference_url https://github.com/advisories/GHSA-w97f-w3hq-36g2
reference_id GHSA-w97f-w3hq-36g2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w97f-w3hq-36g2
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2254714
reference_id show_bug.cgi?id=2254714
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2254714
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@24.0.0
purl pkg:maven/org.keycloak/keycloak-core@24.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-m7ec-ad95-87aa
4
vulnerability VCID-sg1r-gdub-fba1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.0
aliases CVE-2023-6841, GHSA-w97f-w3hq-36g2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5qm-jh27-skdr
17
url VCID-zha3-5yra-sfae
vulnerability_id VCID-zha3-5yra-sfae
summary A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0091
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.53004
published_at 2026-06-14T12:55:00Z
1
value 0.00291
scoring_system epss
scoring_elements 0.52877
published_at 2026-06-11T12:55:00Z
2
value 0.00291
scoring_system epss
scoring_elements 0.53006
published_at 2026-06-12T12:55:00Z
3
value 0.00291
scoring_system epss
scoring_elements 0.53021
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0091
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0091
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0091
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2158585
reference_id 2158585
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2158585
6
reference_url https://access.redhat.com/security/cve/CVE-2023-0091
reference_id CVE-2023-0091
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:08:50Z/
url https://access.redhat.com/security/cve/CVE-2023-0091
7
reference_url https://github.com/advisories/GHSA-v436-q368-hvgg
reference_id GHSA-v436-q368-hvgg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v436-q368-hvgg
8
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id RHSA-2023:1043
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1043
9
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id RHSA-2023:1044
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1044
10
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id RHSA-2023:1045
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1045
11
reference_url https://access.redhat.com/errata/RHSA-2023:1047
reference_id RHSA-2023:1047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1047
12
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id RHSA-2023:1049
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1049
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.3
purl pkg:maven/org.keycloak/keycloak-core@20.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jtq-par5-tuax
1
vulnerability VCID-b99p-3rqx-v7b4
2
vulnerability VCID-bvmd-z1hf-5yef
3
vulnerability VCID-ejyg-88gf-sfbh
4
vulnerability VCID-m7ec-ad95-87aa
5
vulnerability VCID-sg1r-gdub-fba1
6
vulnerability VCID-utd3-fu1x-augq
7
vulnerability VCID-wfeg-6241-cucs
8
vulnerability VCID-yb4r-xbbq-47en
9
vulnerability VCID-z5qm-jh27-skdr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.3
aliases CVE-2023-0091, GHSA-v436-q368-hvgg, GMS-2023-37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zha3-5yra-sfae
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@15.0.1