Vulnerability Details CVE-2017-15111
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 3.6
References
- https://access.redhat.com/errata/RHSA-2019:2137
- https://github.com/jdennis/keycloak-httpd-client-install/commit/07f26e213196936fb328ea0c1d5a66a09d8b5440
- https://access.redhat.com/errata/RHSA-2019:2137
- https://github.com/jdennis/keycloak-httpd-client-install/commit/07f26e213196936fb328ea0c1d5a66a09d8b5440
Products affected by CVE-2017-15111
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.1
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.2
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.3
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.4
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.5
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.6
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.7