Moderate severityNVD Advisory· Published Aug 23, 2022· Updated Jun 30, 2025
CVE-2020-35509
CVE-2020-35509
Description
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.keycloak:keycloak-coreMaven | < 14.0.0 | 14.0.0 |
Affected products
2Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-rpj2-w6fr-79hcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-35509ghsaADVISORY
- access.redhat.com/security/cve/cve-2020-35509ghsax_refsource_MISCWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.javaghsaWEB
- github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bbghsaWEB
- github.com/keycloak/keycloak/pull/6330ghsaWEB
- github.com/keycloak/keycloak/pull/8067ghsaWEB
News mentions
0No linked articles in our index yet.