
CVE-2017-15111 – keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py
https://notcve.org/view.php?id=CVE-2017-15111
20 Jan 2018 — keycloak-httpd-client-install versions before 0.8 insecurely create a temporary file, allowing local attackers to overwrite other files via a symbolic link. It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive... • https://access.redhat.com/errata/RHSA-2019:2137 • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-377: Insecure Temporary File

CVE-2017-15112 – keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line
https://notcve.org/view.php?id=CVE-2017-15112
20 Jan 2018 — keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass the password through the command line, leaking it via command history and process info to other local users. In keycloak-httpd-client-install prior to version 0.8, the admin passw... • https://access.redhat.com/errata/RHSA-2019:2137 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor