high
7.8
CWE
59
Advisory Published
Updated

CVE-2018-10380

First published: Tue May 08 2018(Updated: )

kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
debian/kwallet-pam
5.14.5-1
5.20.5-1
5.27.5-2
5.27.8-1
KDE Plasma Workspace<5.12.6
Debian Debian Linux=9.0
openSUSE=15.0
openSUSE=42.3

Remedy

https://bugzilla.suse.com/show_bug.cgi?id=1090863

Remedy

https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5

Remedy

https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0

Remedy

https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b

Remedy

https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8

Remedy

https://www.kde.org/info/security/advisory-20180503-1.txt

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2018-10380?

    CVE-2018-10380 is a vulnerability in kwallet-pam in KDE KWallet before version 5.12.6 that allows local users to obtain ownership of arbitrary files via a symlink attack.

  • How does CVE-2018-10380 affect KDE KWallet?

    CVE-2018-10380 affects KDE KWallet before version 5.12.6.

  • What is the severity of CVE-2018-10380?

    CVE-2018-10380 has a severity rating of 7.8 (high).

  • How can I fix CVE-2018-10380?

    You can fix CVE-2018-10380 by updating to KDE KWallet version 5.12.6 or higher.

  • Where can I find more information about CVE-2018-10380?

    You can find more information about CVE-2018-10380 at the following references: [Bugzilla](https://bugzilla.suse.com/show_bug.cgi?id=1090863), [KDE Commits](https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5), [KDE Commits](https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203