What is the vulnerability ID for this flaw in Keycloak?

The vulnerability ID for this flaw in Keycloak is CVE-2021-20202.

What is the severity level of CVE-2021-20202?

CVE-2021-20202 has a severity level of 7.3 (high).

What is the highest threat from this vulnerability?

The highest threat from CVE-2021-20202 is unauthorized access to the contents stored in the temporary directory of Keycloak.

Which version of Keycloak is affected by CVE-2021-20202?

Versions up to and excluding 13.0.0 of Keycloak are affected by CVE-2021-20202.

Is there any fix available for this vulnerability?

Yes, the recommended fix for CVE-2021-20202 is to update to version 13.0.0 of Keycloak.

Vulnerability/
CVE-2021-20202

high

7.3

CWE

377

29/1/2021

12/5/2021

18/5/2021

CVE-2021-20202

First published: Fri Jan 29 2021(Updated: )

This particular vulnerability exists because on unix-like systems (not including MacOS) the system temporary directory is shared between all users. As such, failure to correctly set file permissions and/or verify exclusive creation of directories can lead to either local information disclosure, or local file hijacking by another user. In the worse case scenario, this can lead to a local privilege escalation vulnerability. An attacker can create these directories before the java process creates them, but with wider user permissions. Since these directory names are not in any way random, the attacker can simply create these directories ahead of Keycloak. When this happens, the java process doesn't complain that the directories already exist, `mkdir` and `mkdirs` simply return false. However, assuming that the java process is the first thing to create these directories, `mkdir` and `mkdirs` will only set the directory following the default umask (I believe); by default that means that these directories are created with the permissions `drwxr-xr-x`. Thus allowing a malicious local user to read the contents of this temporary directory. The safest protections are to switch to the `Files` API that allow you to exclusively set the file permissions when creating the directories. Or use the `Files` API's for creating temporary directories. <a href="https://issues.redhat.com/browse/KEYCLOAK-17000">https://issues.redhat.com/browse/KEYCLOAK-17000</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/keycloak	<13.0.0	13.0.0
Redhat Keycloak	<13.0.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this flaw in Keycloak?
The vulnerability ID for this flaw in Keycloak is CVE-2021-20202.
What is the severity level of CVE-2021-20202?
CVE-2021-20202 has a severity level of 7.3 (high).
What is the highest threat from this vulnerability?
The highest threat from CVE-2021-20202 is unauthorized access to the contents stored in the temporary directory of Keycloak.
Which version of Keycloak is affected by CVE-2021-20202?
Versions up to and excluding 13.0.0 of Keycloak are affected by CVE-2021-20202.
Is there any fix available for this vulnerability?
Yes, the recommended fix for CVE-2021-20202 is to update to version 13.0.0 of Keycloak.

collector/redhat-bugzilla
alias/CVE-2021-20202
collector/nvd-index
package-manager/redhat
vendor/redhat
canonical/redhat keycloak

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.