HIGH 7.8
PYSEC-2026-828
keycloak-httpd-client-install Insecure Secrets
Details
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / keycloak-httpd-client-install
Introduced in:
0 Fixed in: 0.8 Fix
pip install --upgrade 'keycloak-httpd-client-install>=0.8' References
- https://nvd.nist.gov/vuln/detail/CVE-2017-15112 [ADVISORY]
- https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75 [WEB]
- https://access.redhat.com/errata/RHSA-2019:2137 [WEB]
- https://github.com/jdennis/keycloak-httpd-client-install [PACKAGE]
- https://pypi.org/project/keycloak-httpd-client-install [PACKAGE]
- https://github.com/advisories/GHSA-89c9-3758-737w [ADVISORY]