#VU15992 Information disclosure in GNOME Keyring - CVE-2018-19358
Published: November 20, 2018 / Updated: February 15, 2019
Vulnerability identifier: #VU15992
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-19358
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
GNOME Keyring
GNOME Keyring
Software vendor:
Gnome Development Team
Gnome Development Team
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to improper use of D-Bus protection mechanisms. A local attacker can execute a program that uses the D-Bus interface and a Secret Service API call to submit malicious input to retrieve login credentials, which could be used to conduct further attacks.
Remediation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.