Vulnerability Details CVE-2017-15112
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 2.1
References
- https://access.redhat.com/errata/RHSA-2019:2137
- https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75
- https://access.redhat.com/errata/RHSA-2019:2137
- https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75
Products affected by CVE-2017-15112
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.1
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.2
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.3
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.4
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.5
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.6
-
cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:0.7