CVE-2021-20202
Temporary Directory Hijacking Vulnerability in Keycloak
Severity: 7.3 HIGH (CVSS 3.1)
EPSS: 0.05%
Description
A flaw was found in Keycloak. A local attacker can create directories in the system temporary directory before the Java process creates them, and with wider permissions than the process would have applied; Keycloak then reuses the attacker-created directory, giving the attacker access to the contents it stores there. The highest threat from this vulnerability is to data confidentiality and integrity.
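The pattern the description refers to is a temp-directory race: code that derives a predictable path under `java.io.tmpdir` and calls `mkdirs()` will happily reuse a directory another local user planted there first. The following Java is an added illustration, not Keycloak's own code, and assumes a POSIX filesystem (the permission attributes used are POSIX-only); the `app-cache` name is a placeholder. It puts the weak pattern next to a hardened one that creates the directory atomically with an owner-only mode and verifies ownership and permissions afterwards.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.nio.file.attribute.UserPrincipal;
import java.util.EnumSet;
import java.util.Set;

public class TempDirHijackDemo {

    // Weak pattern (illustrative, not Keycloak's code): a predictable name under
    // java.io.tmpdir, and mkdirs() whose return value is ignored. mkdirs() returns
    // false when the directory already exists, so a directory pre-created by another
    // local user with loose permissions is silently reused, and everything written
    // into it is readable and writable by that user.
    static File weakCreate() {
        // "app-cache" is a placeholder directory name for the example
        File dir = new File(System.getProperty("java.io.tmpdir"), "app-cache");
        dir.mkdirs(); // false when the directory already exists; not checked
        return dir;
    }

    // Hardened pattern: unpredictable name, atomic creation that cannot reuse an
    // existing path, owner-only mode applied at creation time (no window in which
    // the default umask applies), and a post-condition check on owner and mode.
    static Path safeCreate(String prefix) throws IOException {
        Set<PosixFilePermission> ownerOnly = EnumSet.of(
            PosixFilePermission.OWNER_READ,
            PosixFilePermission.OWNER_WRITE,
            PosixFilePermission.OWNER_EXECUTE);
        FileAttribute<Set<PosixFilePermission>> mode =
            PosixFilePermissions.asFileAttribute(ownerOnly);

        // createTempDirectory appends random characters to the prefix and passes
        // the mode to the underlying mkdir, so a pre-planted directory with that
        // exact name cannot be silently adopted.
        Path dir = Files.createTempDirectory(prefix, mode);

        // Post-condition: the directory is ours, is not a symlink, and is 0700.
        UserPrincipal me = dir.getFileSystem().getUserPrincipalLookupService()
            .lookupPrincipalByName(System.getProperty("user.name"));
        if (Files.isSymbolicLink(dir)
                || !Files.getOwner(dir).equals(me)
                || !Files.getPosixFilePermissions(dir).equals(ownerOnly)) {
            throw new IOException("temp directory failed owner/permission check: " + dir);
        }
        return dir;
    }

    public static void main(String[] args) throws IOException {
        Path dir = safeCreate("app-cache-");
        System.out.println("created " + dir + " with mode "
            + PosixFilePermissions.toString(Files.getPosixFilePermissions(dir)));
    }
}
```

The post-condition check is deliberately redundant with the creation call: it turns a misconfiguration (for example, a filesystem that ignores the requested mode) into a hard failure instead of a quietly shared directory, which is the outcome the fixed Keycloak release guards against.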
How to fix CVE-2021-20202
To remediate CVE-2021-20202, upgrade the affected package to a fixed version below.
- Upgrade to 13.0.0 or later
Is CVE-2021-20202 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Keycloak: from 0, < 13.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |