Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2025-13881

2.7 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 2 months, 3 weeks ago by @jopejoe1 Activity log

Created suggestion 2 months, 3 weeks ago
@jopejoe1 ignored
5 packages
- terraform-providers.keycloak
- python312Packages.python-keycloak
- python313Packages.python-keycloak
- python314Packages.python-keycloak
- terraform-providers.keycloak_keycloak
2 months, 3 weeks ago

Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.

References

https://access.redhat.com/security/cve/CVE-2025-13881 vdb-entryx_refsource_REDHAT
RHBZ#2418330 issue-trackingx_refsource_REDHAT
RHSA-2026:2365 x_refsource_REDHATvendor-advisory
RHSA-2026:2366 x_refsource_REDHATvendor-advisory

Affected products

keycloak

rhbk/keycloak-rhel9

*

rhbk/keycloak-rhel9-operator

*

rhbk/keycloak-operator-bundle

*

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.4.5
- nixpkgs-unstable 26.5.2
- nixos-unstable-small 26.5.2
nixos-25.11 -
- nixos-25.11-small 26.5.2
- nixpkgs-25.11-darwin 26.5.2

Ignored packages (5)

pkgs.terraform-providers.keycloak

None

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
nixos-25.11 -
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0
nixos-25.11 -
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python314Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable -
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.terraform-providers.keycloak_keycloak

None

nixos-unstable 5.5.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 -
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

Package maintainers

@leona-ya Leona Maroni <nix@leona.is>
@NickCao Nick Cao <nickcao@nichi.co>
@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>