From 9f6895ac4c6cea4bbb7e9c785d3d065aaa585d0b Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Tue, 26 Nov 2024 14:45:51 +0000
Subject: [PATCH] Adding fixed events for keycloak (#9249)

* Adding Fixed Advisory GHSA-5545-r4hg-rj4m for keycloak
* Adding Fixed Advisory GHSA-jgwc-jh89-rpgq for keycloak
* Adding Fixed Advisory GHSA-wq8x-cg39-8mrr for keycloak
* Adding Fixed Advisory GHSA-v7gv-xpgf-6395 for keycloak
* Adding Fixed Advisory GHSA-93ww-43rr-79v3 for keycloak
---------
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 keycloak.advisories.yaml | 46 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/keycloak.advisories.yaml b/keycloak.advisories.yaml
index 9adefbb398..630546d51a 100644
--- a/keycloak.advisories.yaml
+++ b/keycloak.advisories.yaml
@@ -69,6 +69,16 @@ advisories:
 type: component-vulnerability-mismatch
 note: CVE is being considered by the community a false positive. See https://github.com/keycloak/keycloak/issues/20226
 
+ - id: CGA-35hf-7pgf-4h7w
+ aliases:
+ - CVE-2024-10270
+ - GHSA-wq8x-cg39-8mrr
+ events:
+ - timestamp: 2024-11-26T14:41:58Z
+ type: fixed
+ data:
+ fixed-version: 26.0.6-r0
+
 - id: CGA-3pq2-fxqj-78jp
 aliases:
 - CVE-2005-2945
@@ -147,6 +157,15 @@ advisories:
 type: vulnerability-record-analysis-contested
 note: CVE is being considered by the community a false positive. See https://github.com/FasterXML/jackson-databind/issues/3972 and https://github.com/anchore/grype/issues/1386
 
+ - id: CGA-67jq-hmm4-fvfg
+ aliases:
+ - GHSA-jgwc-jh89-rpgq
+ events:
+ - timestamp: 2024-11-26T14:41:55Z
+ type: fixed
+ data:
+ fixed-version: 26.0.6-r0
+
 - id: CGA-6hcj-97r2-cmw6
 aliases:
 - CVE-2023-0657
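Review bot: The new entry `CGA-67jq-hmm4-fvfg` lists only `GHSA-jgwc-jh89-rpgq` under `aliases`, and the same holds for `CGA-mrjm-j8mg-qx79`, `CGA-vgrf-vwq6-4mrg` and `CGA-x364-25j3-gjfx` in the later hunks, whereas `CGA-35hf-7pgf-4h7w` in the first hunk carries both a CVE and a GHSA alias. If any of those GHSA records has a CVE identifier assigned, a scanner that reports the finding under the CVE id will presumably not match the `fixed` event and will keep flagging 26.0.6-r0. I would check each GHSA record and add the CVE as a second alias where one exists, e.g. `- CVE-<id from the GHSA record>`. Because a wrong `fixed` event silently suppresses a real finding, it is also worth confirming that 26.0.6-r0 ships the upstream fix for each advisory; all five events were stamped by the bot within seconds of each other and the patch does not reference the upstream fixed version.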
@@ -380,6 +399,15 @@ advisories: type: component-vulnerability-mismatch note: CVE is being considered by the community a false positive. See https://github.com/anchore/grype/issues/1139 + - id: CGA-mrjm-j8mg-qx79 + aliases: + - GHSA-93ww-43rr-79v3 + events: + - timestamp: 2024-11-26T14:42:05Z + type: fixed + data: + fixed-version: 26.0.6-r0 + - id: CGA-mrv4-ccrx-m6pr aliases: - CVE-2017-12159 @@ -570,6 +598,15 @@ advisories: data: fixed-version: 24.0.3-r0 + - id: CGA-vgrf-vwq6-4mrg + aliases: + - GHSA-v7gv-xpgf-6395 + events: + - timestamp: 2024-11-26T14:42:01Z + type: fixed + data: + fixed-version: 26.0.6-r0 + - id: CGA-vj69-5755-v554 aliases: - CVE-2022-45935 @@ -617,6 +654,15 @@ advisories: Scanner is reporting that Keycloak v22.0.4 still vulnerable to this CVE. however this was fixed in an earlier version: v21.0.1. See https://github.com/advisories/GHSA-9g98-5mj6-f9mv + - id: CGA-x364-25j3-gjfx + aliases: + - GHSA-5545-r4hg-rj4m + events: + - timestamp: 2024-11-26T14:41:52Z + type: fixed + data: + fixed-version: 26.0.6-r0 + - id: CGA-x85m-654w-mjcj aliases: - CVE-2024-34447