CVE-2017-15111

MEDIUM

Keycloak-httpd-client-install < 0.8 - Symlink Following

Title source: rule
STIX 2.1

Description

keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.

References (2)

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 17.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-377 CWE-59
Status published
Products (2)
keycloak-httpd-client-install_project/keycloak-httpd-client-install < 0.8
pypi/keycloak-httpd-client-install 0 - 0.8PyPI
Published Jan 20, 2018
Tracked Since Feb 18, 2026