CVE-2018-20781

Source
https://cve.org/CVERecord?id=CVE-2018-20781
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20781.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-20781
Downstream
Published
2019-02-12T17:29:00.243Z
Modified
2026-07-08T05:53:09.502159540Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
            ],
            "source": "CPE_STRING",
            "vendor_product": "canonical:ubuntu_linux",
            "extracted_events": [
                {
                    "introduced": "14.04"
                },
                {
                    "last_affected": "14.04"
                },
                {
                    "introduced": "16.04"
                },
                {
                    "last_affected": "16.04"
                }
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "8.8"
                },
                {
                    "last_affected": "8.8"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:zfs_storage_appliance_kit",
            "cpes": [
                "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / gitlab.gnome.org/gnome/gnome-keyring

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/gnome/gnome-keyring
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:gnome:gnome_keyring:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.27.2"
        }
    ]
}

Affected versions

0.*
0.17.4
2.*
2.91.2
2.91.3
2.91.4
2.91.91
3.*
3.1.1
3.1.4
3.1.90
3.1.91
3.1.92
3.10.0
3.10.1
3.11.92
3.12.0
3.12.2
3.13.91
3.14.0
3.15.90
3.15.92
3.16.0
3.17.4
3.17.91
3.18.0
3.18.1
3.18.2
3.18.3
3.19.4
3.19.90
3.20.0
3.3.1
3.3.1.1
3.3.2
3.3.3
3.3.3.1
3.3.4
3.3.5
3.3.91
3.3.92
3.4.0
3.5.3
3.5.4
3.5.5
3.5.90
3.5.91
3.5.92
3.6.0
3.6.1
3.7.1
3.7.2
3.7.5
3.7.91
3.7.92
3.8.0
3.8.1
3.9.1
3.9.90
Other
GNOME_2_12_BRANCHPOINT
GNOME_2_14_BRANCHPOINT
GNOME_2_16_BRANCHPOINT
GNOME_2_6_BRANCHPOINT
GNOME_KEYRING_0_1
GNOME_KEYRING_0_1_3
GNOME_KEYRING_0_1_4
GNOME_KEYRING_0_1_90
GNOME_KEYRING_0_1_91
GNOME_KEYRING_0_2_0
GNOME_KEYRING_0_2_1
GNOME_KEYRING_0_3_1
GNOME_KEYRING_0_3_2
GNOME_KEYRING_0_3_3
GNOME_KEYRING_0_4_0
GNOME_KEYRING_0_4_1
GNOME_KEYRING_0_4_2
GNOME_KEYRING_0_4_3
GNOME_KEYRING_0_4_4
GNOME_KEYRING_0_4_5
GNOME_KEYRING_0_4_6
GNOME_KEYRING_0_4_7
GNOME_KEYRING_0_4_8
GNOME_KEYRING_0_4_9
GNOME_KEYRING_0_5_1
GNOME_KEYRING_0_5_2
GNOME_KEYRING_0_6_0
GNOME_KEYRING_0_7_1
GNOME_KEYRING_0_7_2
GNOME_KEYRING_0_7_3
GNOME_KEYRING_0_7_91
GNOME_KEYRING_0_7_92
GNOME_KEYRING_0_8
GNOME_KEYRING_2_19_4
GNOME_KEYRING_2_19_4_1
GNOME_KEYRING_2_19_5
GNOME_KEYRING_2_19_6_1
GNOME_KEYRING_2_19_90
GNOME_KEYRING_2_19_91
GNOME_KEYRING_2_20
GNOME_KEYRING_2_20_1
GNOME_KEYRING_2_21_3
GNOME_KEYRING_2_21_3_1
GNOME_KEYRING_2_21_3_2
GNOME_KEYRING_2_21_4
GNOME_KEYRING_2_21_5
GNOME_KEYRING_2_21_90
GNOME_KEYRING_2_21_91
GNOME_KEYRING_2_21_92
GNOME_KEYRING_2_22_0
GNOME_KEYRING_2_22_1
GNOME_KEYRING_2_22_2
GNOME_KEYRING_2_23_5
GNOME_KEYRING_2_23_92
GNOME_KEYRING_2_24_0
GNOME_KEYRING_2_24_1
GNOME_KEYRING_2_25_1
GNOME_KEYRING_2_25_2
GNOME_KEYRING_2_25_4
GNOME_KEYRING_2_25_4_1
GNOME_KEYRING_2_25_4_2
GNOME_KEYRING_2_25_5
GNOME_KEYRING_2_25_90
GNOME_KEYRING_2_25_91
GNOME_KEYRING_2_25_92
GNOME_KEYRING_2_26_0
GNOME_KEYRING_2_27_4
GNOME_KEYRING_2_27_5
GNOME_KEYRING_2_27_90
GNOME_KEYRING_2_27_92
GNOME_KEYRING_2_28_0
GNOME_KEYRING_2_28_1
GNOME_KEYRING_2_28_2
GNOME_KEYRING_2_29_4
GNOME_KEYRING_2_29_5
GNOME_KEYRING_2_29_90
GNOME_KEYRING_2_29_92
GNOME_KEYRING_2_30_0
GNOME_KEYRING_2_30_1
GNOME_KEYRING_2_31_4
GNOME_KEYRING_2_31_91
GNOME_KEYRING_2_31_92
GNOME_KEYRING_2_32_0
GNOME_KEYRING_2_3_91
GNOME_KEYRING_2_91_0
GNOME_KEYRING_2_91_1
initial_import

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20781.json"