CVE-2021-20202 log

Severity Medium
Remote No
Type Information disclosure
A security issue was found in keycloak before version 13.0.0. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory.
Group Package Affected Fixed Severity Status Ticket
AVG-1926 keycloak 12.0.4-1 13.0.0-1 High Fixed
Date Advisory Group Package Severity Type
19 May 2021 ASA-202105-6 AVG-1926 keycloak High multiple issues