{"url":"http://public2.vulnerablecode.io/api/packages/61548?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@17.0.1","type":"maven","namespace":"org.keycloak","name":"keycloak-core","version":"17.0.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"20.0.2","latest_non_vulnerable_version":"23.0.4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43014?format=json","vulnerability_id":"VCID-361y-pegm-gqbs","summary":"Improper authorization in Keycloak\nDue to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050228","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050228"},{"reference_url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt","reference_id":"","reference_type":"","scores":[],"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt"},{"reference_url":"https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076","reference_id":"","reference_type":"","scores":[],"url":"https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1466","reference_id":"CVE-2022-1466","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1466"},{"reference_url":"https://github.com/advisories/GHSA-f32v-vf79-p29q","reference_id":"GHSA-f32v-vf79-p29q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f32v-vf79-p29q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61548?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@17.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@17.0.1"}],"aliases":["CVE-2022-1466","GHSA-f32v-vf79-p29q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-361y-pegm-gqbs"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@17.0.1"}