DEBIAN-CVE-2018-19358

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2018-19358

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-19358.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2018-19358

Upstream

CVE-2018-19358

Published

2018-11-18T19:29:00.297Z

Modified

2026-04-28T20:19:04.477652Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.

References

https://security-tracker.debian.org/tracker/CVE-2018-19358

Affected packages

Debian:11 / gnome-keyring

Package

Name: gnome-keyring
Purl: pkg:deb/debian/gnome-keyring?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.36.0-1

40.*

40.0-1

40.0-2

40.0-3

42.*

42.1-1

42.1-2

46.*

46.1-1

46.1-2

46.2-1

Other

48~beta-1

48~beta-2

48~beta-3

48.*

48.0-1

48.0-2

48.0-3

48.0-4

48.0-5

50.*

50.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-19358.json"

Debian:12 / gnome-keyring

Package

Name: gnome-keyring
Purl: pkg:deb/debian/gnome-keyring?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

42.*

42.1-1

42.1-2

46.*

46.1-1

46.1-2

46.2-1

Other

48~beta-1

48~beta-2

48~beta-3

48.*

48.0-1

48.0-2

48.0-3

48.0-4

48.0-5

50.*

50.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-19358.json"

Debian:13 / gnome-keyring

Package

Name: gnome-keyring
Purl: pkg:deb/debian/gnome-keyring?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

48.*

48.0-1

48.0-2

48.0-3

48.0-4

48.0-5

50.*

50.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-19358.json"

Debian:14 / gnome-keyring

Package

Name: gnome-keyring
Purl: pkg:deb/debian/gnome-keyring?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

48.*

48.0-1

48.0-2

48.0-3

48.0-4

48.0-5

50.*

50.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-19358.json"