{"url":"http://public2.vulnerablecode.io/api/packages/57023?format=json","purl":"pkg:npm/keycloak-connect@3.2.1","type":"npm","namespace":"","name":"keycloak-connect","version":"3.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"13.0.0","latest_non_vulnerable_version":"23.0.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52586?format=json","vulnerability_id":"VCID-13dn-ke8h-67ez","summary":"Insufficient Session Expiration\nA flaw was found in Keycloak. This flaw allows a malicious user that is currently logged-in, to see the personal information of a previously logged-out user in the account manager section.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1724","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33175","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1724"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800527","reference_id":"1800527","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800527"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1724","reference_id":"CVE-2020-1724","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76957?format=json","purl":"pkg:npm/keycloak-connect@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.2"}],"aliases":["CVE-2020-1724","GHSA-8xj2-47xw-q78c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13dn-ke8h-67ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42329?format=json","vulnerability_id":"VCID-2qmw-afpp-7qa8","summary":"Improper Authentication\nA flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1718","reference_id":"","reference_type":"","scores":[{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58922","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1718"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796756","reference_id":"1796756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796756"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1718","reference_id":"CVE-2020-1718","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1718"},{"reference_url":"https://github.com/advisories/GHSA-j229-2h63-rvh9","reference_id":"GHSA-j229-2h63-rvh9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j229-2h63-rvh9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76055?format=json","purl":"pkg:npm/keycloak-connect@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0"}],"aliases":["CVE-2020-1718","GHSA-j229-2h63-rvh9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qmw-afpp-7qa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40480?format=json","vulnerability_id":"VCID-5zh6-37gp-pbas","summary":"Improper Authentication\nThe SAML broker consumer endpoint in Keycloak ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14637","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53672","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14637"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637"},{"reference_url":"https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1627851","reference_id":"1627851","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1627851"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14637","reference_id":"CVE-2018-14637","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14637"},{"reference_url":"https://github.com/advisories/GHSA-gf2j-7qwg-4f5x","reference_id":"GHSA-gf2j-7qwg-4f5x","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gf2j-7qwg-4f5x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57110?format=json","purl":"pkg:npm/keycloak-connect@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-9719-srgk-33dh"},{"vulnerability":"VCID-cg94-7n2h-7fac"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-djda-aqxt-s3e9"},{"vulnerability":"VCID-dx7u-4d6j-cfee"},{"vulnerability":"VCID-eucs-thxn-4kfv"},{"vulnerability":"VCID-p1cj-f4de-1qc4"},{"vulnerability":"VCID-prsa-264j-mfah"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-x24y-5nan-efg3"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zfgf-9455-d3fe"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.6.0"}],"aliases":["CVE-2018-14637","GHSA-gf2j-7qwg-4f5x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zh6-37gp-pbas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41086?format=json","vulnerability_id":"VCID-9719-srgk-33dh","summary":"Improper Certificate Validation\nThe X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols (`http` or `ldap`) and hence the caller should verify the signature and possibly the certification path. Keycloak currently does not validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3875","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15078","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3875"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875"},{"reference_url":"http://www.securityfocus.com/bid/108748","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108748"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690628","reference_id":"1690628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690628"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3875","reference_id":"CVE-2019-3875","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3875"},{"reference_url":"https://github.com/advisories/GHSA-38cg-gg9j-q9j9","reference_id":"GHSA-38cg-gg9j-q9j9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-38cg-gg9j-q9j9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2366","reference_id":"RHSA-2020:2366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58212?format=json","purl":"pkg:npm/keycloak-connect@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dx7u-4d6j-cfee"},{"vulnerability":"VCID-kj7x-2shm-fqh1"},{"vulnerability":"VCID-p1cj-f4de-1qc4"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-x24y-5nan-efg3"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zfgf-9455-d3fe"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0"}],"aliases":["CVE-2019-3875","GHSA-38cg-gg9j-q9j9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9719-srgk-33dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51746?format=json","vulnerability_id":"VCID-cg94-7n2h-7fac","summary":"Improper Input Validation\nIt was found that Keycloak's account console did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10199","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26326","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10199"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1729261","reference_id":"1729261","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1729261"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10199","reference_id":"CVE-2019-10199","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10199"},{"reference_url":"https://github.com/advisories/GHSA-p5xp-6vpf-jwvh","reference_id":"GHSA-p5xp-6vpf-jwvh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p5xp-6vpf-jwvh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2483","reference_id":"RHSA-2019:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2366","reference_id":"RHSA-2020:2366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58212?format=json","purl":"pkg:npm/keycloak-connect@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dx7u-4d6j-cfee"},{"vulnerability":"VCID-kj7x-2shm-fqh1"},{"vulnerability":"VCID-p1cj-f4de-1qc4"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-x24y-5nan-efg3"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zfgf-9455-d3fe"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0"}],"aliases":["CVE-2019-10199","GHSA-p5xp-6vpf-jwvh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cg94-7n2h-7fac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52585?format=json","vulnerability_id":"VCID-cwqj-tnbj-3ubh","summary":"Information Exposure\nA logged exception in the `HttpMethod` class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1698","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16104","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1698"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698"},{"reference_url":"https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836"},{"reference_url":"https://github.com/keycloak/keycloak/pull/6751","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/6751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790292","reference_id":"1790292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790292"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1698","reference_id":"CVE-2020-1698","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5625","reference_id":"RHSA-2020:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5625"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76637?format=json","purl":"pkg:npm/keycloak-connect@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-psus-g9c1-vufx"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.0"}],"aliases":["CVE-2020-1698","GHSA-qgmm-f2qw-r95f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwqj-tnbj-3ubh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53801?format=json","vulnerability_id":"VCID-dc8s-fqv5-1uhk","summary":"Improper Privilege Management\nIt was found that Keycloak would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14389","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3499","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14389"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875843","reference_id":"1875843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875843"},{"reference_url":"https://access.redhat.com/security/cve/cve-2020-14389","reference_id":"CVE-2020-14389","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2020-14389"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14389","reference_id":"CVE-2020-14389","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4929","reference_id":"RHSA-2020:4929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4930","reference_id":"RHSA-2020:4930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4932","reference_id":"RHSA-2020:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79155?format=json","purl":"pkg:npm/keycloak-connect@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-pu4g-rbu2-nbdb"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@12.0.0"}],"aliases":["CVE-2020-14389","GHSA-c9x9-xv66-xp3v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dc8s-fqv5-1uhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40934?format=json","vulnerability_id":"VCID-djda-aqxt-s3e9","summary":"Information Exposure\nKeycloak allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user's browser session.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1140","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2998","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2998"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3868","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51125","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3868"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868"},{"reference_url":"http://www.securityfocus.com/bid/108061","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/108061"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679144","reference_id":"1679144","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679144"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3868","reference_id":"CVE-2019-3868","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3868"},{"reference_url":"https://github.com/advisories/GHSA-gc52-xj6p-9pxp","reference_id":"GHSA-gc52-xj6p-9pxp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gc52-xj6p-9pxp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0856","reference_id":"RHSA-2019:0856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0857","reference_id":"RHSA-2019:0857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0868","reference_id":"RHSA-2019:0868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2366","reference_id":"RHSA-2020:2366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57900?format=json","purl":"pkg:npm/keycloak-connect@6.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-9719-srgk-33dh"},{"vulnerability":"VCID-cg94-7n2h-7fac"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dx7u-4d6j-cfee"},{"vulnerability":"VCID-p1cj-f4de-1qc4"},{"vulnerability":"VCID-prsa-264j-mfah"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-x24y-5nan-efg3"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zfgf-9455-d3fe"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@6.0.1"}],"aliases":["CVE-2019-3868","GHSA-gc52-xj6p-9pxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djda-aqxt-s3e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51908?format=json","vulnerability_id":"VCID-dx7u-4d6j-cfee","summary":"Incorrect Authorization\nA flaw was found in the Keycloak REST API, where it would permit user access from a realm the user, was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14832.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14832.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14832","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59936","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14832"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14832","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14832"},{"reference_url":"https://github.com/keycloak/keycloak/commit/0b73685ccf3181115ae3936a578708630215ac23","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/0b73685ccf3181115ae3936a578708630215ac23"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1749487","reference_id":"1749487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1749487"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14832","reference_id":"CVE-2019-14832","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2366","reference_id":"RHSA-2020:2366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76055?format=json","purl":"pkg:npm/keycloak-connect@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0"}],"aliases":["CVE-2019-14832","GHSA-8prc-58j4-m55q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx7u-4d6j-cfee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41085?format=json","vulnerability_id":"VCID-eucs-thxn-4kfv","summary":"Improper Authentication\nIt was found that Keycloak's Node.js adapter did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10157.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10157.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10157","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05385","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10157"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157"},{"reference_url":"https://github.com/keycloak/keycloak-nodejs-connect/commit/55e54b55d05ba636bc125a8f3d39f0052d13f8f6","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak-nodejs-connect/commit/55e54b55d05ba636bc125a8f3d39f0052d13f8f6"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-KEYCLOAKNODEJSCONNECT-449920","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-KEYCLOAKNODEJSCONNECT-449920"},{"reference_url":"https://www.npmjs.com/advisories/978","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/978"},{"reference_url":"http://www.securityfocus.com/bid/108734","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/108734"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702953","reference_id":"1702953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702953"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10157","reference_id":"CVE-2019-10157","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10157"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58211?format=json","purl":"pkg:npm/keycloak-connect@4.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-9719-srgk-33dh"},{"vulnerability":"VCID-cg94-7n2h-7fac"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-djda-aqxt-s3e9"},{"vulnerability":"VCID-dx7u-4d6j-cfee"},{"vulnerability":"VCID-p1cj-f4de-1qc4"},{"vulnerability":"VCID-prsa-264j-mfah"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-x24y-5nan-efg3"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zfgf-9455-d3fe"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.8.3"}],"aliases":["CVE-2019-10157","GHSA-68hw-vfh7-xvg8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eucs-thxn-4kfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40439?format=json","vulnerability_id":"VCID-g9qz-99pv-9bgw","summary":"URL Redirection to Untrusted Site (Open Redirect)\nThe Redirect URL for both Login and Logout are not normalized in `org.keycloak.protocol.oidc.utils.RedirectUtils` before the redirect url is verified. This can lead to an Open Redirection attack.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3592","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3593","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3595","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3595"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14658.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14658","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47225","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14658"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658"},{"reference_url":"https://github.com/keycloak/keycloak/commit/a957e118e6efb35fe7ef3a62acd66341a6523cb7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/a957e118e6efb35fe7ef3a62acd66341a6523cb7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625409","reference_id":"1625409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625409"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14658","reference_id":"CVE-2018-14658","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14658"},{"reference_url":"https://github.com/advisories/GHSA-3qh2-mccc-q5m6","reference_id":"GHSA-3qh2-mccc-q5m6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3qh2-mccc-q5m6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57024?format=json","purl":"pkg:npm/keycloak-connect@3.3.0-cr.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-5zh6-37gp-pbas"},{"vulnerability":"VCID-9719-srgk-33dh"},{"vulnerability":"VCID-cg94-7n2h-7fac"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-djda-aqxt-s3e9"},{"vulnerability":"VCID-dx7u-4d6j-cfee"},{"vulnerability":"VCID-eucs-thxn-4kfv"},{"vulnerability":"VCID-p1cj-f4de-1qc4"},{"vulnerability":"VCID-prsa-264j-mfah"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-x24y-5nan-efg3"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zfgf-9455-d3fe"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@3.3.0-cr.1"}],"aliases":["CVE-2018-14658","GHSA-3qh2-mccc-q5m6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9qz-99pv-9bgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41622?format=json","vulnerability_id":"VCID-p1cj-f4de-1qc4","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10170","reference_id":"","reference_type":"","scores":[{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73345","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10170"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1721295","reference_id":"1721295","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1721295"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10170","reference_id":"CVE-2019-10170","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10170"},{"reference_url":"https://github.com/advisories/GHSA-7m27-3587-83xf","reference_id":"GHSA-7m27-3587-83xf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7m27-3587-83xf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76055?format=json","purl":"pkg:npm/keycloak-connect@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0"}],"aliases":["CVE-2019-10170","GHSA-7m27-3587-83xf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1cj-f4de-1qc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51747?format=json","vulnerability_id":"VCID-prsa-264j-mfah","summary":"Improper Authentication\nIt was found that Keycloak's SAML broker did not verify missing message signatures. If an attacker modifies the SAML Response and removes the `<Signature>` sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10201","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33155","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728609","reference_id":"1728609","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728609"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10201","reference_id":"CVE-2019-10201","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10201"},{"reference_url":"https://github.com/advisories/GHSA-4fgq-gq9g-3rw7","reference_id":"GHSA-4fgq-gq9g-3rw7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4fgq-gq9g-3rw7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2483","reference_id":"RHSA-2019:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2366","reference_id":"RHSA-2020:2366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58212?format=json","purl":"pkg:npm/keycloak-connect@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-dx7u-4d6j-cfee"},{"vulnerability":"VCID-kj7x-2shm-fqh1"},{"vulnerability":"VCID-p1cj-f4de-1qc4"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-x24y-5nan-efg3"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zfgf-9455-d3fe"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@7.0.0"}],"aliases":["CVE-2019-10201","GHSA-4fgq-gq9g-3rw7"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-prsa-264j-mfah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52480?format=json","vulnerability_id":"VCID-wgzd-wv2e-pyhy","summary":"Improper Restriction of Rendered UI Layers or Frames\nA vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1728","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1728"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-12264","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-12264"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800585","reference_id":"1800585","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800585"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1728","reference_id":"CVE-2020-1728","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3495","reference_id":"RHSA-2020:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3496","reference_id":"RHSA-2020:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3497","reference_id":"RHSA-2020:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3501","reference_id":"RHSA-2020:3501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3539","reference_id":"RHSA-2020:3539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4213","reference_id":"RHSA-2020:4213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4252","reference_id":"RHSA-2020:4252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4252"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61229?format=json","purl":"pkg:npm/keycloak-connect@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-y9de-4w6u-abfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@10.0.0"}],"aliases":["CVE-2020-1728","GHSA-3gg7-9q2x-79fc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgzd-wv2e-pyhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5540?format=json","vulnerability_id":"VCID-wt2c-cyu2-kbgm","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27838","reference_id":"","reference_type":"","scores":[{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99371","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27838"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906797","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906797"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7790"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27838","reference_id":"CVE-2020-27838","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27838"}],"fixed_packages":[],"aliases":["CVE-2020-27838","GHSA-pcv5-m2wh-66j3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wt2c-cyu2-kbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52226?format=json","vulnerability_id":"VCID-wuh8-4akm-2uae","summary":"Cross-site Scripting\nIn Keycloak, links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1697","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5192","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1697"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791538","reference_id":"1791538","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791538"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1697","reference_id":"CVE-2020-1697","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1697"},{"reference_url":"https://github.com/advisories/GHSA-8vf3-4w62-m3pq","reference_id":"GHSA-8vf3-4w62-m3pq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8vf3-4w62-m3pq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76637?format=json","purl":"pkg:npm/keycloak-connect@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-psus-g9c1-vufx"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.0"}],"aliases":["CVE-2020-1697","GHSA-8vf3-4w62-m3pq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wuh8-4akm-2uae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52580?format=json","vulnerability_id":"VCID-x24y-5nan-efg3","summary":"Improper Privilege Management\nA flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running the application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10169.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10169","reference_id":"","reference_type":"","scores":[{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.70086","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10169"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10169","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10169"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-568797","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-568797"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1721302","reference_id":"1721302","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1721302"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10169","reference_id":"CVE-2019-10169","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10169"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76055?format=json","purl":"pkg:npm/keycloak-connect@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0"}],"aliases":["CVE-2019-10169","GHSA-9c24-43p5-fv82"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x24y-5nan-efg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42322?format=json","vulnerability_id":"VCID-xghp-f8g9-akhn","summary":"Incorrect Permission Assignment for Critical Resource\nA flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1694","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51179","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790759","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790759"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1694","reference_id":"CVE-2020-1694","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1694"},{"reference_url":"https://github.com/advisories/GHSA-72j4-94rx-cr6w","reference_id":"GHSA-72j4-94rx-cr6w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-72j4-94rx-cr6w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61229?format=json","purl":"pkg:npm/keycloak-connect@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-y9de-4w6u-abfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@10.0.0"}],"aliases":["CVE-2020-1694","GHSA-72j4-94rx-cr6w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xghp-f8g9-akhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42282?format=json","vulnerability_id":"VCID-y9de-4w6u-abfa","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50741","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428"},{"reference_url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776","reference_id":"CVE-2020-10776","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776"},{"reference_url":"https://github.com/advisories/GHSA-484q-784p-8m5h","reference_id":"GHSA-484q-784p-8m5h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-484q-784p-8m5h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4929","reference_id":"RHSA-2020:4929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4930","reference_id":"RHSA-2020:4930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4932","reference_id":"RHSA-2020:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79155?format=json","purl":"pkg:npm/keycloak-connect@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-pu4g-rbu2-nbdb"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@12.0.0"}],"aliases":["CVE-2020-10776","GHSA-484q-784p-8m5h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52135?format=json","vulnerability_id":"VCID-zfgf-9455-d3fe","summary":"Information Exposure\nIt was found that keycloak exposes internal adapter endpoints in `org.keycloak.constants.AdapterConstants`, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14820","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54489","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14820"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649870","reference_id":"1649870","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649870"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14820","reference_id":"CVE-2019-14820","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14820"},{"reference_url":"https://github.com/advisories/GHSA-xfqh-7356-vqjj","reference_id":"GHSA-xfqh-7356-vqjj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xfqh-7356-vqjj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3048","reference_id":"RHSA-2019:3048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3049","reference_id":"RHSA-2019:3049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76055?format=json","purl":"pkg:npm/keycloak-connect@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13dn-ke8h-67ez"},{"vulnerability":"VCID-cwqj-tnbj-3ubh"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-wuh8-4akm-2uae"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-zkxq-ejyr-8ba8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@8.0.0"}],"aliases":["CVE-2019-14820","GHSA-xfqh-7356-vqjj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zfgf-9455-d3fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41481?format=json","vulnerability_id":"VCID-zkxq-ejyr-8ba8","summary":"Improper Handling of Exceptional Conditions\nA flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1744","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40898","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1744"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805792","reference_id":"1805792","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805792"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2020-1744","reference_id":"CVE-2020-1744","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2020-1744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1744","reference_id":"CVE-2020-1744","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1744"},{"reference_url":"https://github.com/advisories/GHSA-4gf2-xv97-63m2","reference_id":"GHSA-4gf2-xv97-63m2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4gf2-xv97-63m2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0945","reference_id":"RHSA-2020:0945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0946","reference_id":"RHSA-2020:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0947","reference_id":"RHSA-2020:0947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0951","reference_id":"RHSA-2020:0951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76957?format=json","purl":"pkg:npm/keycloak-connect@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-dc8s-fqv5-1uhk"},{"vulnerability":"VCID-wgzd-wv2e-pyhy"},{"vulnerability":"VCID-wt2c-cyu2-kbgm"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y9de-4w6u-abfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@9.0.2"}],"aliases":["CVE-2020-1744","GHSA-4gf2-xv97-63m2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkxq-ejyr-8ba8"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@3.2.1"}