Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-20202

Related Vulnerabilities: CVE-2021-20202  

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

Source

Description

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

Mitigation

By switching to the `Files` API, you are allowed to exclusively set the file permissions when creating directories or creating temporary directories.

Additional Information

  • Bugzilla 1922128: CVE-2021-20202 keycloak: Temporary Directory Hijacking Vulnerability in Keycloak
  • CWE-377: Insecure Temporary File
  • FAQ: Frequently asked questions about CVE-2021-20202

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started