securitycheck/suppressed.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

    <!-- Schwachstelle wird bei Keycloak im Code nicht benutzt -->
    <suppress>
        <notes><![CDATA[
   file name: bcprov-jdk15on-1.65.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.bouncycastle/bcprov\-jdk15on@.*$</packageUrl>
        <cve>CVE-2020-28052</cve>
    </suppress>

    <!-- Gatekeeper wird bei uns nicht benutzt -->
    <suppress>
        <notes><![CDATA[
   file name: keycloak-core-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl>
        <cve>CVE-2020-14359</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: keycloak-common-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-common@.*$</packageUrl>
        <cve>CVE-2020-14359</cve>
    </suppress>

    <!-- Wir benutzen keinen “external identity provider“ -->
    <suppress>
        <notes><![CDATA[
   file name: keycloak-core-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl>
        <cve>CVE-2020-14302</cve>
    </suppress>

    <!-- CVEs don't have the correct fix versions, fixed in 12.0.2 [1]. -->
    <suppress>
        <notes><![CDATA[
   file name: keycloak-core-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl>
        <cve>CVE-2020-10770</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: keycloak-core-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl>
        <cve>CVE-2020-14302</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: keycloak-core-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl>
        <cve>CVE-2020-1725</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: keycloak-core-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl>
        <cve>CVE-2020-27838</cve>
    </suppress>

    <!-- CVEs don't have the correct fix versions, fixed in 12.0.2 [1]. -->
    <suppress>
        <notes><![CDATA[
   file name: keycloak-common-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-common@.*$</packageUrl>
        <cve>CVE-2020-10770</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: keycloak-common-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-common@.*$</packageUrl>
        <cve>CVE-2020-14302</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: keycloak-common-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-common@.*$</packageUrl>
        <cve>CVE-2020-1725</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: keycloak-common-12.0.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-common@.*$</packageUrl>
        <cve>CVE-2020-27838</cve>
    </suppress>

</suppressions>