CVE-2021-20202

Source
https://cve.org/CVERecord?id=CVE-2021-20202
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20202.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20202
Aliases
Published
2021-05-12T15:15:07.597Z
Modified
2026-07-16T03:46:02.230608501Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CVSS Calculator
Summary
[none]
Details

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

References

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type
GIT
Repo
https://github.com/keycloak/keycloak
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "13.0.0"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-beta-1
1.0-beta-2
1.0-beta-4
1.0-final
1.0-rc-1
1.0.0.Final
1.1.0.Beta2
1.3.0.Final
2.*
2.4.0.Test

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20202.json"