Home > Vulnerability Database > CVE-2021-20202

Mend.io Vulnerability Database

CVE-2021-20202

Good to know:

Date: May 12, 2021

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

Language: Java

Severity Score

7.3

Related Resources (4)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1922128

Url: https://github.com/keycloak/keycloak/commit/853a6d73276849877819f2dc23133557f6e1e601

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20202

Url: https://www.mend.io/vulnerability-database/CVE-2021-20202

Severity Score

7.3

Weakness Type (CWE)

Insecure Temporary File

CWE-377

Top Fix

Upgrade Version

Upgrade to version org.keycloak:keycloak-services - 13.0.0

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20202

Good to know:

Date: May 12, 2021

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?