CVE-2017-15112

Public on 2018-01-20
Modified on 2019-10-23
Description
In keycloak-http-client-install prior to version 0.8, the admin password could be provided through a command-line argument. This might result in the password being leaked through shell history, or becoming visible to a local attacker at the time the program is running.
Severity
Low severity
Low
CVSS v3 Base Score
2.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core keycloak-httpd-client-install 2019-10-21 ALAS2-2019-1324 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
NVD CVSSv2 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N
NVD CVSSv3 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H