CVE-2021-20202
First published: Fri Jan 29 2021(Updated: )
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/keycloak | <13.0.0 | 13.0.0 |
| Redhat Keycloak | <13.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw in Keycloak?
The vulnerability ID for this flaw in Keycloak is CVE-2021-20202.
What is the severity level of CVE-2021-20202?
CVE-2021-20202 has a severity level of 7.3 (high).
What is the highest threat from this vulnerability?
The highest threat from CVE-2021-20202 is unauthorized access to the contents stored in the temporary directory of Keycloak.
Which version of Keycloak is affected by CVE-2021-20202?
Versions up to and excluding 13.0.0 of Keycloak are affected by CVE-2021-20202.
Is there any fix available for this vulnerability?
Yes, the recommended fix for CVE-2021-20202 is to update to version 13.0.0 of Keycloak.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-20202
- agent/software-canonical-lookup
- vendor/redhat
- canonical/redhat keycloak
- package-manager/redhat