CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
Percentile
22.7%
Vendor | Product | Version | CPE |
---|---|---|---|
org.keycloak\ | keycloak | core | cpe:2.3:a:org.keycloak\:keycloak:core:*:*:*:*:*:*:*:* |
access.redhat.com/security/cve/cve-2020-35509
bugzilla.redhat.com/show_bug.cgi?id=1912427
github.com/advisories/GHSA-rpj2-w6fr-79hc
github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76
github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb
github.com/keycloak/keycloak/pull/6330
github.com/keycloak/keycloak/pull/8067
nvd.nist.gov/vuln/detail/CVE-2020-35509