CVE-2021-20202 - log

CVE-2021-20202 edited at 06 May 2021 17:56:05
Description
- A security issue was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory.
+ A security issue was found in keycloak before version 13.0.0. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory.
CVE-2021-20202 edited at 18 Mar 2021 12:48:55
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ A security issue was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1922128
+ https://issues.redhat.com/browse/KEYCLOAK-17000
+ https://github.com/keycloak/keycloak/pull/7859
+ https://github.com/keycloak/keycloak/commit/853a6d73276849877819f2dc23133557f6e1e601
CVE-2021-20202 created at 18 Mar 2021 12:46:07
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes