Improve GHSA-vjr8-56p3-fmqq

Author: rgrc403-dev

advisories/github-reviewed/2025/12/GHSA-vjr8-56p3-fmqq/GHSA-vjr8-56p3-fmqq.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vjr8-56p3-fmqq",
-  "modified": "2025-12-02T01:21:33Z",
+  "modified": "2025-12-02T01:21:35Z",
   "published": "2025-12-02T01:21:33Z",
   "aliases": [
     "CVE-2025-10939"
   ],
-  "summary": "Keycloak unable to restrict access to the admin console",
+  "summary": "Uncontrolled Search Path Element and J2EE Misconfiguration: Entity Bean Declared Remote in org.keycloak:keycloak-quarkus-server",
   "details": "A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to /realms which is expected to be exposed.",
   "severity": [
     {
@@ -67,7 +67,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-427"
+      "CWE-427",
+      "CWE-8"
     ],
     "severity": "LOW",
     "github_reviewed": true,