Adding fixed events for keycloak (#9249)

* Adding Fixed Advisory GHSA-5545-r4hg-rj4m for keycloak * Adding Fixed Advisory GHSA-jgwc-jh89-rpgq for keycloak * Adding Fixed Advisory GHSA-wq8x-cg39-8mrr for keycloak * Adding Fixed Advisory GHSA-v7gv-xpgf-6395 for keycloak * Adding Fixed Advisory GHSA-93ww-43rr-79v3 for keycloak --------- Co-authored-by: octo-sts[bot] <[email protected]>
wolfi-dev · Nov 26, 2024 · 9f6895a · 9f6895a
1 parent 1cffb60
commit 9f6895a
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/keycloak.advisories.yaml b/keycloak.advisories.yaml
@@ -69,6 +69,16 @@ advisories:
           type: component-vulnerability-mismatch
           note: CVE is being considered by the community a false positive. See https://github.com/keycloak/keycloak/issues/20226
 
+  - id: CGA-35hf-7pgf-4h7w
+    aliases:
+      - CVE-2024-10270
+      - GHSA-wq8x-cg39-8mrr
+    events:
+      - timestamp: 2024-11-26T14:41:58Z
+        type: fixed
+        data:
+          fixed-version: 26.0.6-r0
+
   - id: CGA-3pq2-fxqj-78jp
     aliases:
       - CVE-2005-2945
@@ -147,6 +157,15 @@ advisories:
           type: vulnerability-record-analysis-contested
           note: CVE is being considered by the community a false positive. See https://github.com/FasterXML/jackson-databind/issues/3972 and https://github.com/anchore/grype/issues/1386
 
+  - id: CGA-67jq-hmm4-fvfg
+    aliases:
+      - GHSA-jgwc-jh89-rpgq
+    events:
+      - timestamp: 2024-11-26T14:41:55Z
+        type: fixed
+        data:
+          fixed-version: 26.0.6-r0
+
   - id: CGA-6hcj-97r2-cmw6
     aliases:
       - CVE-2023-0657
@@ -380,6 +399,15 @@ advisories:
           type: component-vulnerability-mismatch
           note: CVE is being considered by the community a false positive. See https://github.com/anchore/grype/issues/1139
 
+  - id: CGA-mrjm-j8mg-qx79
+    aliases:
+      - GHSA-93ww-43rr-79v3
+    events:
+      - timestamp: 2024-11-26T14:42:05Z
+        type: fixed
+        data:
+          fixed-version: 26.0.6-r0
+
   - id: CGA-mrv4-ccrx-m6pr
     aliases:
       - CVE-2017-12159
@@ -570,6 +598,15 @@ advisories:
         data:
           fixed-version: 24.0.3-r0
 
+  - id: CGA-vgrf-vwq6-4mrg
+    aliases:
+      - GHSA-v7gv-xpgf-6395
+    events:
+      - timestamp: 2024-11-26T14:42:01Z
+        type: fixed
+        data:
+          fixed-version: 26.0.6-r0
+
   - id: CGA-vj69-5755-v554
     aliases:
       - CVE-2022-45935
@@ -617,6 +654,15 @@ advisories:
             Scanner is reporting that Keycloak v22.0.4  still vulnerable to this CVE.
             however this was fixed in an earlier version: v21.0.1. See https://github.com/advisories/GHSA-9g98-5mj6-f9mv
 
+  - id: CGA-x364-25j3-gjfx
+    aliases:
+      - GHSA-5545-r4hg-rj4m
+    events:
+      - timestamp: 2024-11-26T14:41:52Z
+        type: fixed
+        data:
+          fixed-version: 26.0.6-r0
+
   - id: CGA-x85m-654w-mjcj
     aliases:
       - CVE-2024-34447