CVE-2021-20202 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	A security issue was found in keycloak before version 13.0.0. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1926	keycloak	12.0.4-1	13.0.0-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
19 May 2021	ASA-202105-6	AVG-1926	keycloak	High	multiple issues

References
https://bugzilla.redhat.com/show_bug.cgi?id=1922128 https://issues.redhat.com/browse/KEYCLOAK-17000 https://github.com/keycloak/keycloak/pull/7859 https://github.com/keycloak/keycloak/commit/853a6d73276849877819f2dc23133557f6e1e601

References

https://bugzilla.redhat.com/show_bug.cgi?id=1922128
https://issues.redhat.com/browse/KEYCLOAK-17000
https://github.com/keycloak/keycloak/pull/7859
https://github.com/keycloak/keycloak/commit/853a6d73276849877819f2dc23133557f6e1e601