{"id":"CVE-2017-15111","details":"keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.","aliases":["GHSA-vqf9-v3hc-wr54"],"modified":"2026-04-11T15:43:30.288332Z","published":"2018-01-20T00:29:00.467Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2137"},{"type":"FIX","url":"https://github.com/jdennis/keycloak-httpd-client-install/commit/07f26e213196936fb328ea0c1d5a66a09d8b5440"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jdennis/keycloak-httpd-client-install","events":[{"introduced":"0"},{"fixed":"671fb011cda8ff809777f96d69bb837e60dd6861"},{"fixed":"07f26e213196936fb328ea0c1d5a66a09d8b5440"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"0.8"}],"cpe":"cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:*:*:*:*:*:*:*:*"}}],"versions":["RELEASE_0_1","RELEASE_0_2","RELEASE_0_3","RELEASE_0_4","RELEASE_0_5","RELEASE_0_6","RELEASE_0_7"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15111.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}