CVE-2017-15112

keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
keycloak-httpd-client-install_projectkeycloak-httpd-client-install
𝑥
< 0.8
𝑥
= Vulnerable software versions
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
keycloak-httpd-client-install
RHEL 7
0:0.8-1.el7
fixed
python2-keycloak-httpd-client-install
RHEL 7
0:0.8-1.el7
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:2137
https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75
https://access.redhat.com/errata/RHSA-2019:2137
https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75