CVE-2017-15111 unsafe /tmp log file in --log-file option in keycloak_cli.py
keycloak_cli.py is essentially a set of utilities used by the
keycloak-httpd-client-install tool. It can be invoked on its own,
mostly for testing or to execute just one part of the Keycloak REST
API. Its log file defaulted to /tmp/{prog_name}.log where prog_name
is the name of the program that invoked it. That default was changed
to {prog_name}.log so the log file is created in the current directory
instead of under /tmp. Use of the /var/log directory was avoided
because that requires root privileges.