CVE-2017-15111

MEDIUM

keycloak-httpd-client-install < 0.8 - Insecure Temporary File via Symbolic Link

Title source: llm

Description

keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_confirm

https://github.com/jdennis/keycloak-httpd-client-install/commit/07f26e213196936fb328ea0c1d5a66a09d8b5440

View Patch ZIP pw:eip

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:2137

Scores

CVSS v3 5.5

EPSS 0.0039

EPSS Percentile 30.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-377 CWE-59

Status published

Products (2)

keycloak-httpd-client-install_project/keycloak-httpd-client-install < 0.8

pypi/keycloak-httpd-client-install 0 - 0.8PyPI

Published Jan 20, 2018

Tracked Since Feb 18, 2026