EPSS Percentile: 73.5%
It was found that Keycloak's implementation of HMAC verification for JWS tokens uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.
bugzilla.redhat.com/show_bug.cgi?id=1412376