Vulnerability details: VCID-rejf-mj3m-pqg6
Vulnerability ID VCID-rejf-mj3m-pqg6
Aliases CVE-2020-35509, GHSA-rpj2-w6fr-79hc
Summary Keycloak vulnerable to Improper Certificate Validation. Keycloak accepts an expired certificate by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity. This issue was partially fixed in version [13.0.1](https://github.com/keycloak/keycloak/pull/6330) and more completely fixed in version [14.0.0](https://github.com/keycloak/keycloak/pull/8067).
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3 4.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json
cvssv3.1 5.4 https://access.redhat.com/security/cve/cve-2020-35509
generic_textual MODERATE https://access.redhat.com/security/cve/cve-2020-35509
ssvc Track https://access.redhat.com/security/cve/cve-2020-35509
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2020-35509
cvssv3.1 5.4 https://bugzilla.redhat.com/show_bug.cgi?id=1912427
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1912427
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-rpj2-w6fr-79hc
cvssv3.1 5.4 https://github.com/keycloak/keycloak
generic_textual MODERATE https://github.com/keycloak/keycloak
cvssv3.1 5.4 https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76
generic_textual MODERATE https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76
cvssv3.1 5.4 https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb
generic_textual MODERATE https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb
cvssv3.1 5.4 https://github.com/keycloak/keycloak/pull/6330
generic_textual MODERATE https://github.com/keycloak/keycloak/pull/6330
cvssv3.1 5.4 https://github.com/keycloak/keycloak/pull/8067
generic_textual MODERATE https://github.com/keycloak/keycloak/pull/8067
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-35509
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2020-35509
archlinux Medium https://security.archlinux.org/AVG-2084
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json
https://access.redhat.com/security/cve/cve-2020-35509
https://api.first.org/data/v1/epss?cve=CVE-2020-35509
https://bugzilla.redhat.com/show_bug.cgi?id=1912427
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76
https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb
https://github.com/keycloak/keycloak/pull/6330
https://github.com/keycloak/keycloak/pull/8067
https://nvd.nist.gov/vuln/detail/CVE-2020-35509
ASA-202106-53 https://security.archlinux.org/ASA-202106-53
AVG-2084 https://security.archlinux.org/AVG-2084
cpe:2.3:a:redhat:keycloak:11.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:11.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:12.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:12.0.0:*:*:*:*:*:*:*
GHSA-rpj2-w6fr-79hc https://github.com/advisories/GHSA-rpj2-w6fr-79hc
RHSA-2021:3527 https://access.redhat.com/errata/RHSA-2021:3527
RHSA-2021:3528 https://access.redhat.com/errata/RHSA-2021:3528
RHSA-2021:3529 https://access.redhat.com/errata/RHSA-2021:3529
RHSA-2021:3534 https://access.redhat.com/errata/RHSA-2021:3534
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/security/cve/cve-2020-35509
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-30T19:38:02Z/ Found at https://access.redhat.com/security/cve/cve-2020-35509
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1912427
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/pull/6330
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/pull/8067
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-35509
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.29298
EPSS Score 0.00105
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:03:38.749351+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-rpj2-w6fr-79hc/GHSA-rpj2-w6fr-79hc.json 37.0.0