-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.keycloak:keycloak-core | maven | < 14.0.0 | 14.0.0 |
Miggo AIRoot Cause AnalysisThe vulnerability stemmed from missing timestamp validation in X509 direct grant authentication. The commit diff shows the fix added .validateTimestamps() to the validation chain in ValidateX509CertificateUsername.java. Prior to this fix, the certificate validation sequence only included checkRevocationStatus(), .validateKeyUsage(), and .validateExtendedKeyUsage(), but omitted critical time validity checks. This matches the CWE-295 description of improper certificate validation and explains why expired certificates were accepted.
JavaJavaOngoing coverage of React2Shell