CVE-2018-20781
Published 2019-02-12
High, 7.8 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | gnome-keyring | < gnome-keyring 3.28.0-1 (bookworm) | gnome-keyring 3.28.0-1 (bookworm) |
| gnome-keyring | gnome-keyring | >= 0 < 3.28.0-1 | 3.28.0-1 |
| gnome-keyring | gnome-keyring | >= 0 < 3.28.0-1 | 3.28.0-1 |
| gnome-keyring | gnome-keyring | >= 0 < 3.28.0-1 | 3.28.0-1 |
| gnome-keyring | gnome-keyring | >= 0 < 3.28.0-1 | 3.28.0-1 |
| gnome | gnome_keyring | < 3.27.2 | 3.27.2 |
| oracle | zfs_storage_appliance_kit | — | — |
CVSS provenance
nvd: v3.1, 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv: 7.8 HIGH