CVE-2018-19046
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.
Timeline
- 2018-11-06 CVE Reserved
- 2018-11-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (3)
URL | Tag | Date |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1015141 | Issue Tracking | |
https://github.com/acassen/keepalived/issues/1048 | | 2019-03-13 |
https://security.gentoo.org/glsa/201903-01 | | 2019-03-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Keepalived | Keepalived | 2.0.8 | - | Affected |