Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-jprv-e2zb-v7bb
Vulnerability ID VCID-jprv-e2zb-v7bb
Aliases CVE-2020-1717
GHSA-rvfc-g8j5-9ccf
Summary Generation of Error Message Containing Sensitive Information A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-209 Generation of Error Message Containing Sensitive Information
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 2.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2020-1717
cvssv3.1 2.7 https://bugzilla.redhat.com/show_bug.cgi?id=1796281
generic_textual LOW https://bugzilla.redhat.com/show_bug.cgi?id=1796281
cvssv3.1_qr LOW https://github.com/advisories/GHSA-rvfc-g8j5-9ccf
cvssv3.1 2.7 https://issues.jboss.org/browse/KEYCLOAK-12014
generic_textual LOW https://issues.jboss.org/browse/KEYCLOAK-12014
cvssv3.1 2.7 https://nvd.nist.gov/vuln/detail/CVE-2020-1717
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2020-1717
archlinux High https://security.archlinux.org/AVG-1332
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json
https://api.first.org/data/v1/epss?cve=CVE-2020-1717
https://bugzilla.redhat.com/show_bug.cgi?id=1796281
https://issues.jboss.org/browse/KEYCLOAK-12014
AVG-1332 https://security.archlinux.org/AVG-1332
CVE-2020-1717 https://nvd.nist.gov/vuln/detail/CVE-2020-1717
GHSA-rvfc-g8j5-9ccf https://github.com/advisories/GHSA-rvfc-g8j5-9ccf
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1796281
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://issues.jboss.org/browse/KEYCLOAK-12014
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-1717
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.39902
EPSS Score 0.00183
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:49:25.151730+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/CVE-2020-1717.yml 38.0.0