CVE-2018-14335: Infoleak

Reference Links

• https://www.cve.org/CVERecord?id=CVE-2018-14335 https://nvd.nist.gov/vuln/detail/CVE-2018-14335
• https://bugzilla.redhat.com/show_bug.cgi?id=1610877
• https://access.redhat.com/errata/RHSA-2020:0727
• https://access.redhat.com/security/cve/cve-2018-14335
• https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20
• https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e@%3Cuser.ignite.apache.org%3E
• https://www.exploit-db.com/exploits/45105/
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1610878
• https://access.redhat.com/support/policy/updates/jboss_notes
• https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E
• https://security.netapp.com/advisory/ntap-20240726-0003/

Parent vulnerabilities

(Appears in the following advisories)

• RHSA-2020:0727

Frequently Asked Questions

• What is the severity of CVE-2018-14335?

  The severity of CVE-2018-14335 is medium with a CVSS score of 6.5.

• What is the description of CVE-2018-14335?

  CVE-2018-14335 is an issue in H2 1.4.197 where insecure handling of permissions in the backup function allows attackers to read sensitive files via a symlink to a fake database file.

• How does CVE-2018-14335 affect H2database H2 version 1.4.197?

  CVE-2018-14335 affects H2database H2 version 1.4.197 by allowing attackers to read sensitive files outside of their permissions.

• Are there any references for CVE-2018-14335?

  Yes, you can find references for CVE-2018-14335 at the following links: [Link 1](https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20), [Link 2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1610878), [Link 3](https://access.redhat.com/support/policy/updates/jboss_notes).

• Which Common Weakness Enumeration (CWE) categories does CVE-2018-14335 belong to?

  CVE-2018-14335 belongs to CWE-200 and CWE-59.