keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.
References
Link | Resource |
---|---|
https://github.com/acassen/keepalived/issues/1048 | Exploit Patch Third Party Advisory |
https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067 | Patch Third Party Advisory |
https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6 | Patch Third Party Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=1015141 | Issue Tracking Third Party Advisory |
https://security.gentoo.org/glsa/201903-01 | Third Party Advisory |
Configurations
Information
Published : 2018-11-08 12:29
Updated : 2019-03-12 07:13
NVD link : CVE-2018-19045
Mitre link : CVE-2018-19045
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
keepalived
- keepalived