First published: Thu Nov 08 2018
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Keepalived Keepalived | =2.0.8 | |
CVE-2018-19046 is a vulnerability in keepalived version 2.0.8 that can leak sensitive information to a local attacker through the temporary files written by PrintData or PrintStats.
CVE-2018-19046 affects keepalived version 2.0.8.
The severity of CVE-2018-19046 is medium, with a CVSS score of 4.7.
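An attacker can exploit CVE-2018-19046 by creating a file with the expected name in advance (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), readable by the attacker and writable by the keepalived process, and then reading the data keepalived writes to it.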
Yes, the fix for CVE-2018-19046 is to update to a version of keepalived that is not affected by this vulnerability.
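The missing existence check from the description, sketched in C as an added example; this is not keepalived's code or its actual patch. The function names and the `/tmp/dumpdemo.XXXXXX` scratch directory are hypothetical, and the demo runs as a single user, so it shows the permission bits surviving rather than a second account reading the file.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: "w" truncates and reuses an existing file,
 * so a pre-created file keeps its original owner and permission bits. */
static int dump_reusing_existing(const char *path, const char *data) {
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    int rc = (fputs(data, fp) == EOF) ? -1 : 0;
    return (fclose(fp) == 0) ? rc : -1;
}

/* Hardened form: O_EXCL fails with EEXIST if the name already exists (file
 * or symlink); a newly created file is readable by its owner only. */
static int dump_exclusive(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    size_t len = strlen(data);
    int rc = (write(fd, data, len) == (ssize_t)len) ? 0 : -1;
    return (close(fd) == 0) ? rc : -1;
}

static int file_mode(const char *path) {
    struct stat st;
    return (stat(path, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
}

int main(void) {
    char dir[] = "/tmp/dumpdemo.XXXXXX", path[64];
    if (mkdtemp(dir) == NULL) return 1;
    snprintf(path, sizeof path, "%s/example.data", dir);
    /* Constructed setup: the name already exists with mode 0644. */
    if (dump_exclusive(path, "") != 0 || chmod(path, 0644) != 0) return 1;
    int rc = dump_reusing_existing(path, "state\n");
    printf("reuse existing: rc=%d mode=%o\n", rc, (unsigned)file_mode(path));
    rc = dump_exclusive(path, "state\n");
    printf("exclusive, name taken: rc=%d (%s)\n", rc, strerror(errno));
    unlink(path);
    rc = dump_exclusive(path, "state\n");
    printf("exclusive, fresh: rc=%d mode=%o\n", rc, (unsigned)file_mode(path));
    return (unlink(path) == 0 && rmdir(dir) == 0) ? 0 : 1;
}
```

Treating `EEXIST` as a hard error, or writing dumps to a directory only the daemon can write to, keeps another local user from choosing the file's owner and mode.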