CVE-2018-14348 — Sensitive Information Exposure in Libcgroup

CWE-200 — Sensitive Information Exposure CWE-284 — Improper Access Control9 documents8 sources

Severity

8.1HIGHNVD

EPSS

0.5%

top 33.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libcgroup Project Libcgroup Debian Libcgroup Debian Linux +7 more

Timeline

PublishedAug 14

Latest updateMay 14

Description

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages9 packages

▶debiandebian/libcgroup< libcgroup 0.41-8.1 (bookworm)

▶Debianlibcgroup_project/libcgroup< 0.41-8.1+3

▶NVDlibcgroup_project/libcgroup0.41

▶msrcmsrc/cm1_libcgroup_0.41-23_on_cbl_mariner_1.0

▶msrcmsrc/cbl2_libcgroup_0.41-23_on_cbl_mariner_2.0

Also affects: Debian Linux 8.0, Fedora 28

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-pp2m-446r-52q7: libcgroup up to and including 0↗2022-05-14

▶

OSV

CVE-2018-14348: libcgroup up to and including 0↗2018-08-14

▶

📋Vendor Advisories

Ubuntu

libcgroup vulnerability↗2021-03-15

▶

Microsoft

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask leading to disclosure of information.↗2018-08-14

▶

Red Hat

libcgroup: cgrulesengd creates log files with insecure permissions↗2018-07-25

▶

Debian

CVE-2018-14348: libcgroup - libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardl...↗2018

▶

💬Community

Bugzilla

CVE-2018-14348 libcgroup: cgrulesengd creates log files with insecure permissions↗2018-08-02

▶

Bugzilla

CVE-2018-14348 libcgroup: cgrulesengd creates log files with insecure permissions [fedora-all]↗2018-08-02

▶