CVE-2020-35509 - AskarLabs CVE Database

CVE-2020-35509

Vendor N/A

Product keycloak

Weakness CWE-20 · Input validation

Published August 23, 2022

Last update June 30, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.

Key dates

02Disclosure timeline

August 23, 2022 CVE published

June 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-35509 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2024-13798 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation CVE-2020-25195 CVE-2018-25160 HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend CVE-2021-42853 Directory Traversal Delete/Read at AgentDiagnosticServlet CVE-2023-35798 Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability