CVE-2018-1196

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1196
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1196.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1196
Aliases
Published
2018-03-19T18:29:00.387Z
Modified
2026-04-10T04:04:40.801492Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "runuser" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.

References

Affected packages

Git / github.com/spring-projects/spring-boot

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-boot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1e8b9569d3a3900a0ed61712099823ad735b8078
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a9503abb94b203a717527b81a94dc9d3cb4b1afa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5482bae289df99722a607275e07a238447d2becd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a3871adf3aa6f5499213ef026f84899b9cd38b65
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
14563ef24c6a5ef0658af60a489466dbe5e5910c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1c02e9e1eafa19ff7753d56105ed1f6fad5d2b9d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
75eb17fafc78cb843d3983e376e5f64078135830
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
95df4859a54c63652a0b455b8d6c8133d4c0091a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0-milestone1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0-milestone2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0-milestone3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0-milestone4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0-milestone5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0-milestone6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0-milestone7"
        }
    ]
}

Affected versions

v1.*
v1.0.0.RC3
v1.0.0.RC4
v1.5.9.RELEASE
v2.*
v2.0.0.M1
v2.0.0.M2
v2.0.0.M3
v2.0.0.M4
v2.0.0.M5
v2.0.0.M6
v2.0.0.M7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1196.json"