Improve GHSA-rhgq-f8x5-j2jc

julianladisch · julianladisch · commit acc7dc77eb7c · 2026-05-13T12:43:59.000+02:00
diff --git a/advisories/github-reviewed/2026/03/GHSA-rhgq-f8x5-j2jc/GHSA-rhgq-f8x5-j2jc.json b/advisories/github-reviewed/2026/03/GHSA-rhgq-f8x5-j2jc/GHSA-rhgq-f8x5-j2jc.json
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rhgq-f8x5-j2jc",
-  "modified": "2026-04-13T17:55:01Z",
+  "modified": "2026-04-13T17:55:02Z",
   "published": "2026-03-23T12:30:30Z",
   "aliases": [
     "CVE-2026-4633"
   ],
-  "summary": "Keycloak's  identity-first login flow  exposes user information",
+  "summary": "Keycloak's identity-first login flow exposes user information",
   "details": "A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.",
   "severity": [
     {
@@ -25,17 +25,14 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "26.5.0"
+              "introduced": "0"
             },
             {
-              "fixed": "26.6.0"
+              "fixed": "26.4.12"
             }
           ]
         }
-      ],
-      "database_specific": {
-        "last_known_affected_version_range": "<= 26.5.6"
-      }
+      ]
     },
     {
       "package": {
@@ -47,10 +44,10 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "26.5.0"
             },
             {
-              "last_affected": "26.4.7"
+              "fixed": "26.6.1"
             }
           ]
         }

Original file line number	Diff line number	Diff line change
`@@ -1,12 +1,12 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-rhgq-f8x5-j2jc",`
`4`		`- "modified": "2026-04-13T17:55:01Z",`
	`4`	`+ "modified": "2026-04-13T17:55:02Z",`
`5`	`5`	`"published": "2026-03-23T12:30:30Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-4633"`
`8`	`8`	`],`
`9`		`- "summary": "Keycloak's identity-first login flow exposes user information",`
	`9`	`+ "summary": "Keycloak's identity-first login flow exposes user information",`
`10`	`10`	`"details": "A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.",`
`11`	`11`	`"severity": [`
`12`	`12`	`{`
`@@ -25,17 +25,14 @@`
`25`	`25`	`"type": "ECOSYSTEM",`
`26`	`26`	`"events": [`
`27`	`27`	`{`
`28`		`- "introduced": "26.5.0"`
	`28`	`+ "introduced": "0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`		`- "fixed": "26.6.0"`
	`31`	`+ "fixed": "26.4.12"`
`32`	`32`	`}`
`33`	`33`	`]`
`34`	`34`	`}`
`35`		`- ],`
`36`		`- "database_specific": {`
`37`		`- "last_known_affected_version_range": "<= 26.5.6"`
`38`		`- }`
	`35`	`+ ]`
`39`	`36`	`},`
`40`	`37`	`{`
`41`	`38`	`"package": {`
`@@ -47,10 +44,10 @@`
`47`	`44`	`"type": "ECOSYSTEM",`
`48`	`45`	`"events": [`
`49`	`46`	`{`
`50`		`- "introduced": "0"`
	`47`	`+ "introduced": "26.5.0"`
`51`	`48`	`},`
`52`	`49`	`{`
`53`		`- "last_affected": "26.4.7"`
	`50`	`+ "fixed": "26.6.1"`
`54`	`51`	`}`
`55`	`52`	`]`
`56`	`53`	`}`