CVE-2020-35509 log

Source
Severity Medium
Remote Yes
Type Certificate verification bypass
Description
Depending on the webserver configuration, a malicious user can supply an expired certificate and it would be accepted by Keycloak direct-grant authenticator. This is because Keycloak does not trigger the appropriate timestamp validation.
Group Package Affected Fixed Severity Status Ticket
AVG-1332 keycloak 12.0.4-1 High Vulnerable
References
https://bugzilla.redhat.com/show_bug.cgi?id=1912427
https://issues.redhat.com/browse/KEYCLOAK-16450