CVE-2010-1149 — Sensitive Information Exposure in Udisks

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 88.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Udisks

Timeline

PublishedApr 12

Latest updateMay 2

Description

probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDfreedesktop/udisks1.0

🔴Vulnerability Details

GHSA

GHSA-5hh6-fqvm-v5v8: probers/udisks-dm-export↗2022-05-02

▶

CVEList

CVE-2010-1149: probers/udisks-dm-export↗2010-04-12

▶

📋Vendor Advisories

Red Hat

v1.0.0: Device mapper table information leak↗2010-04-06

▶

💬Community

Bugzilla

CVE-2010-1149 udisks v1.0.0: Device mapper table information leak↗2010-04-07

▶