CVE-2018-18629

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
References
Link Resource
https://keybase.io/docs/secadv/kb002 Exploit Vendor Advisory
https://hackerone.com/reports/426944 Exploit Patch Third Party Advisory
https://blog.mirch.io/2018/12/21/cve-2018-18629-keybase-linux-privilege-escalation/ Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:keybase:keybase:*:*:*:*:*:linux:*:*

Information

Published : 2018-12-20 15:29

Updated : 2019-02-04 09:44


NVD link : CVE-2018-18629

Mitre link : CVE-2018-18629


JSON object : View

CWE
CWE-426

Untrusted Search Path

Advertisement

dedicated server usa

Products Affected

keybase

  • keybase