CVE-2018-10380Link Following in Kwallet-pam

CWE-59Link Following6 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 74.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
KDE PlasmaDebian Kwallet-pamDebian Linux+1 more
Timeline
PublishedMay 8
Latest updateMay 14

Description

kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/kwallet-pam< kwallet-pam 5.12.1-2 (bookworm)
NVDkde/plasma< 5.12.6
NVDopensuse/leap15.0, 42.3+1

Also affects: Debian Linux 9.0

Patches

Patch: bugzilla.suse.comPatch: commits.kde.orgPatch: commits.kde.org

🔴Vulnerability Details

2
GHSA
GHSA-hqrj-vwqm-f24h: kwallet-pam in KDE KWallet before 52022-05-14
OSV
CVE-2018-10380: kwallet-pam in KDE KWallet before 52018-05-08

📋Vendor Advisories

1
Debian
CVE-2018-10380: kwallet-pam - kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership ...2018

💬Community

2
Bugzilla
CVE-2018-10380 pam-kwallet: Access to privileged files [epel-7]2018-05-04
Bugzilla
CVE-2018-10380 pam-kwallet: Access to privileged files2018-05-04
CVE-2018-10380 — Link Following in Debian Kwallet-pam | cvebase