Vulnerability Details : CVE-2017-2585
Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.
Vulnerability category: Information leak
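The class of flaw described above, shown as an added Java example that is not Keycloak's code: an HS256 JWS tag check using a variable-time comparison beside one using a constant-time comparison. The class name, method names, key and tokens are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class JwsHmacCompare {
    // Recompute the HS256 tag over the JWS signing input "<header>.<payload>".
    static byte[] hs256(byte[] key, String signingInput) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }
    // Split a compact JWS; return {expected tag, presented tag}, or null if malformed.
    static byte[][] tags(byte[] key, String jws) throws GeneralSecurityException {
        String[] p = jws.split("\\.", -1);
        if (p.length != 3) return null;
        try {
            return new byte[][] { hs256(key, p[0] + "." + p[1]), Base64.getUrlDecoder().decode(p[2]) };
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }
    // Weak form: Arrays.equals may stop at the first differing byte, so the
    // time taken can depend on how many leading bytes of the tag match.
    static boolean verifyVariableTime(byte[] key, String jws) throws GeneralSecurityException {
        byte[][] t = tags(key, jws);
        return t != null && Arrays.equals(t[0], t[1]);
    }
    // Hardened form: MessageDigest.isEqual examines every byte of the tag
    // regardless of where a mismatch occurs.
    static boolean verifyConstantTime(byte[] key, String jws) throws GeneralSecurityException {
        byte[][] t = tags(key, jws);
        return t != null && MessageDigest.isEqual(t[0], t[1]);
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.US_ASCII); // constructed sample key
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String input = b64.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.US_ASCII))
                + "." + b64.encodeToString("{\"sub\":\"demo\"}".getBytes(StandardCharsets.US_ASCII));
        String good = input + "." + b64.encodeToString(hs256(key, input)); // valid constructed token
        String bad = input + "." + b64.encodeToString(new byte[32]);       // constructed all-zero tag
        System.out.println("valid token:    " + verifyVariableTime(key, good) + " " + verifyConstantTime(key, good));
        System.out.println("tampered token: " + verifyVariableTime(key, bad) + " " + verifyConstantTime(key, bad));
    }
}
```

Both methods return the same accept or reject decision; the difference is only in whether the comparison's running time depends on the presented tag.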
Exploit prediction scoring system (EPSS) score for CVE-2017-2585
Probability of exploitation activity in the next 30 days: 0.39%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 %