ghsa-72vp-xfrc-42xm
Vulnerability from github
Published
2024-04-17 18:25
Modified
2024-07-30 21:52
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Keycloak path traversal vulnerability in redirection validation
Details
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
Acknowledgements:
Special thanks to Axel Flamcourt for reporting this issue and helping us improve our project.
{ affected: [ { package: { ecosystem: "Maven", name: "org.keycloak:keycloak-services", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "22.0.10", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.keycloak:keycloak-services", }, ranges: [ { events: [ { introduced: "23.0.0", }, { fixed: "24.0.3", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-1132", ], database_specific: { cwe_ids: [ "CWE-22", ], github_reviewed: true, github_reviewed_at: "2024-04-17T18:25:08Z", nvd_published_at: "2024-04-17T14:15:07Z", severity: "HIGH", }, details: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.\n\n#### Acknowledgements:\nSpecial thanks to Axel Flamcourt for reporting this issue and helping us improve our project.", id: "GHSA-72vp-xfrc-42xm", modified: "2024-07-30T21:52:59Z", published: "2024-04-17T18:25:08Z", references: [ { type: "WEB", url: "https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-1132", }, { type: "PACKAGE", url: "https://github.com/keycloak/keycloak", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262117", }, { type: "WEB", url: "https://access.redhat.com/security/cve/CVE-2024-1132", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:3989", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:3919", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:3762", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:3752", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:2945", }, { type: "WEB", url: 
"https://access.redhat.com/errata/RHSA-2024:1868", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:1867", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:1866", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:1864", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:1862", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:1861", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2024:1860", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", type: "CVSS_V4", }, ], summary: "Keycloak path traversal vulnerability in redirection validation", }
cve-2024-1132
Vulnerability from cvelistv5
Published
2024-04-17 13:21
Modified
2025-03-03 14:54
Severity
Summary
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
References
Impacted products
Vendor | Product | Version
---|---|---
 | | Version: 21.1.0 ≤; Version: 23.0.0 ≤
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-1132", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T18:37:10.567431Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:59:39.871Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:26:30.564Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:1860", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1860", }, { name: "RHSA-2024:1861", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1861", }, { name: "RHSA-2024:1862", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1862", }, { name: "RHSA-2024:1864", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1864", }, { name: "RHSA-2024:1866", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1866", }, { name: "RHSA-2024:1867", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1867", }, { name: "RHSA-2024:1868", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1868", }, { name: "RHSA-2024:2945", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2024:2945", }, { name: "RHSA-2024:3752", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3752", }, { name: "RHSA-2024:3762", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3762", }, { name: "RHSA-2024:3919", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3919", }, { name: "RHSA-2024:3989", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3989", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-1132", }, { name: "RHBZ#2262117", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262117", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/keycloak/keycloak", defaultStatus: "unaffected", packageName: "keycloak", versions: [ { lessThan: "22.0.10", status: "affected", version: "21.1.0", versionType: "semver", }, { lessThan: "24.0.3", status: "affected", version: "23.0.0", versionType: "semver", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", ], defaultStatus: "affected", packageName: "mtr/mtr-operator-bundle", product: "Migration Toolkit for Runtimes 1 on RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.2-23", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", ], defaultStatus: "affected", packageName: "mtr/mtr-rhel8-operator", product: "Migration Toolkit for Runtimes 1 on RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: 
"unaffected", version: "1.2-15", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", ], defaultStatus: "affected", packageName: "mtr/mtr-web-container-rhel8", product: "Migration Toolkit for Runtimes 1 on RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.2-16", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", ], defaultStatus: "affected", packageName: "mtr/mtr-web-executor-container-rhel8", product: "Migration Toolkit for Runtimes 1 on RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "1.2-14", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", ], defaultStatus: "affected", packageName: "mta/mta-windup-addon-rhel9", product: "MTA-6.2-RHEL-9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "6.2.3-2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:amq_broker:7.10", ], defaultStatus: "unaffected", packageName: "keycloak", product: "Red Hat AMQ Broker 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:amq_broker:7.11", ], defaultStatus: "unaffected", packageName: "keycloak", product: "Red Hat AMQ Broker 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:amq_broker:7.12", ], defaultStatus: "unaffected", packageName: "keycloak", product: "Red Hat AMQ Broker 7", vendor: "Red Hat", }, { collectionURL: 
"https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:22::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-operator-bundle", product: "Red Hat build of Keycloak 22", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "22.0.10-1", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:22::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9", product: "Red Hat build of Keycloak 22", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "22-13", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:build_keycloak:22::el9", ], defaultStatus: "affected", packageName: "rhbk/keycloak-rhel9-operator", product: "Red Hat build of Keycloak 22", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "22-16", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:build_keycloak:22", ], defaultStatus: "unaffected", packageName: "keycloak", product: "Red Hat build of Keycloak 22.0.10", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", ], defaultStatus: "affected", packageName: "rh-sso7-keycloak", product: "Red Hat Single Sign-On 7.6 for RHEL 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:18.0.13-1.redhat_00001.1.el7sso", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", ], defaultStatus: "affected", packageName: "rh-sso7-keycloak", product: "Red Hat Single Sign-On 7.6 for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", 
version: "0:18.0.13-1.redhat_00001.1.el8sso", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", ], defaultStatus: "affected", packageName: "rh-sso7-keycloak", product: "Red Hat Single Sign-On 7.6 for RHEL 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:18.0.13-1.redhat_00001.1.el9sso", versionType: "rpm", }, ], }, { collectionURL: "https://catalog.redhat.com/software/containers/", cpes: [ "cpe:/a:redhat:rhosemc:1.0::el8", ], defaultStatus: "affected", packageName: "rh-sso-7/sso76-openshift-rhel8", product: "RHEL-8 based Middleware Containers", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7.6-46", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7.6", ], defaultStatus: "unaffected", packageName: "keycloak", product: "RHSSO 7.6.8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_registry:2", ], defaultStatus: "affected", packageName: "keycloak", product: "Red Hat build of Apicurio Registry 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:quarkus:3", ], defaultStatus: "affected", packageName: "org.keycloak/keycloak-core", product: "Red Hat build of Quarkus", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_data_grid:8", ], defaultStatus: "unaffected", packageName: "org.wildfly.security-wildfly-elytron-parent", product: "Red Hat Data Grid 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7", ], defaultStatus: "unknown", 
packageName: "keycloak", product: "Red Hat Decision Manager 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_fuse:7", ], defaultStatus: "affected", packageName: "keycloak", product: "Red Hat Fuse 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_data_grid:7", ], defaultStatus: "unaffected", packageName: "keycloak", product: "Red Hat JBoss Data Grid 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:6", ], defaultStatus: "unknown", packageName: "keycloak", product: "Red Hat JBoss Enterprise Application Platform 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:7", ], defaultStatus: "unaffected", packageName: "keycloak", product: "Red Hat JBoss Enterprise Application Platform 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", ], defaultStatus: "affected", packageName: "keycloak", product: "Red Hat Process Automation 7", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Axel Flamcourt for reporting this issue.", }, ], datePublic: "2024-04-16T00:00:00.000Z", descriptions: [ { lang: "en", value: "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. 
This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-03T14:54:33.245Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1860", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1860", }, { name: "RHSA-2024:1861", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1861", }, { name: "RHSA-2024:1862", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1862", }, { name: "RHSA-2024:1864", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1864", }, { name: "RHSA-2024:1866", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1866", }, { name: "RHSA-2024:1867", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1867", }, { name: "RHSA-2024:1868", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1868", }, { name: 
"RHSA-2024:2945", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2945", }, { name: "RHSA-2024:3752", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3752", }, { name: "RHSA-2024:3762", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3762", }, { name: "RHSA-2024:3919", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3919", }, { name: "RHSA-2024:3989", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:3989", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-1132", }, { name: "RHBZ#2262117", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262117", }, ], timeline: [ { lang: "en", time: "2024-01-31T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-04-16T00:00:00+00:00", value: "Made public.", }, ], title: "Keycloak: path transversal in redirection validation", workarounds: [ { lang: "en", value: "No current mitigation is available for this vulnerability.", }, ], x_redhatCweChain: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-1132", datePublished: "2024-04-17T13:21:19.130Z", dateReserved: "2024-01-31T17:07:33.455Z", dateUpdated: "2025-03-03T14:54:33.245Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Sightings
Author | Source | Type | Date
---|---|---|---
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.