CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-19046

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.9%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 1.9

References

https://bugzilla.suse.com/show_bug.cgi?id=1015141
https://github.com/acassen/keepalived/issues/1048
https://security.gentoo.org/glsa/201903-01
https://bugzilla.suse.com/show_bug.cgi?id=1015141
https://github.com/acassen/keepalived/issues/1048
https://security.gentoo.org/glsa/201903-01

Products affected by CVE-2018-19046

Keepalived » Keepalived » Version: 2.0.8

cpe:2.3:a:keepalived:keepalived:2.0.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19046

Products

Pricing

Contact Us