Search for vulnerabilities
Vulnerability details: VCID-mn1w-6pu4-aaar
Vulnerability ID VCID-mn1w-6pu4-aaar
Aliases CVE-2017-2582
GHSA-c77r-6f64-478q
Summary Moderate severity vulnerability that affects org.keycloak:keycloak-core
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-201 Insertion of Sensitive Information Into Sent Data
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2017:2808
rhas Important https://access.redhat.com/errata/RHSA-2017:2809
rhas Important https://access.redhat.com/errata/RHSA-2017:2810
rhas Important https://access.redhat.com/errata/RHSA-2017:2811
rhas Moderate https://access.redhat.com/errata/RHSA-2017:3216
rhas Moderate https://access.redhat.com/errata/RHSA-2017:3217
rhas Moderate https://access.redhat.com/errata/RHSA-2017:3218
rhas Moderate https://access.redhat.com/errata/RHSA-2017:3219
rhas Moderate https://access.redhat.com/errata/RHSA-2017:3220
rhas Important https://access.redhat.com/errata/RHSA-2018:2740
rhas Important https://access.redhat.com/errata/RHSA-2018:2741
rhas Important https://access.redhat.com/errata/RHSA-2018:2742
rhas Important https://access.redhat.com/errata/RHSA-2018:2743
rhas Moderate https://access.redhat.com/errata/RHSA-2019:0136
rhas Moderate https://access.redhat.com/errata/RHSA-2019:0137
rhas Moderate https://access.redhat.com/errata/RHSA-2019:0139
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00669 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00674 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.00682 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.01999 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.01999 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.01999 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.01999 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
epss 0.02188 https://api.first.org/data/v1/epss?cve=CVE-2017-2582
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1410481
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-c77r-6f64-478q
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2017-2582
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-2582
cvssv3.1 5.9 http://www.securitytracker.com/id/1041707
generic_textual MODERATE http://www.securitytracker.com/id/1041707
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json
https://api.first.org/data/v1/epss?cve=CVE-2017-2582
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582
https://github.com/keycloak/keycloak/pull/3715/commits/0cb5ba0f6e83162d221681f47b470c3042eef237
http://www.securityfocus.com/bid/101046
http://www.securitytracker.com/id/1041707
1410481 https://bugzilla.redhat.com/show_bug.cgi?id=1410481
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
CVE-2017-2582 https://nvd.nist.gov/vuln/detail/CVE-2017-2582
GHSA-c77r-6f64-478q https://github.com/advisories/GHSA-c77r-6f64-478q
RHSA-2017:2808 https://access.redhat.com/errata/RHSA-2017:2808
RHSA-2017:2809 https://access.redhat.com/errata/RHSA-2017:2809
RHSA-2017:2810 https://access.redhat.com/errata/RHSA-2017:2810
RHSA-2017:2811 https://access.redhat.com/errata/RHSA-2017:2811
RHSA-2017:3216 https://access.redhat.com/errata/RHSA-2017:3216
RHSA-2017:3217 https://access.redhat.com/errata/RHSA-2017:3217
RHSA-2017:3218 https://access.redhat.com/errata/RHSA-2017:3218
RHSA-2017:3219 https://access.redhat.com/errata/RHSA-2017:3219
RHSA-2017:3220 https://access.redhat.com/errata/RHSA-2017:3220
RHSA-2018:2740 https://access.redhat.com/errata/RHSA-2018:2740
RHSA-2018:2741 https://access.redhat.com/errata/RHSA-2018:2741
RHSA-2018:2742 https://access.redhat.com/errata/RHSA-2018:2742
RHSA-2018:2743 https://access.redhat.com/errata/RHSA-2018:2743
RHSA-2019:0136 https://access.redhat.com/errata/RHSA-2019:0136
RHSA-2019:0137 https://access.redhat.com/errata/RHSA-2019:0137
RHSA-2019:0139 https://access.redhat.com/errata/RHSA-2019:0139
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-2582
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-2582
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.securitytracker.com/id/1041707
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.56123
EPSS Score 0.00181
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.