CVE-2017-15111: Improper Link Resolution Before File Access

January 20, 2018 (updated August 6, 2019)

keycloak-httpd-client-install insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.

References

nvd.nist.gov/vuln/detail/CVE-2017-15111

Code Behaviors & Features

Detect and mitigate CVE-2017-15111 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →