UBUNTU-CVE-2018-19358

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-19358

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-19358.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-19358

Withdrawn

2025-06-23T15:53:15Z

Published

2018-11-18T19:29:00Z

Modified

2018-11-18T19:29:00Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

** DISPUTED ** GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.

References

Affected packages

Ubuntu:Pro:16.04:LTS / gnome-keyring

Package

Name: gnome-keyring
Purl: pkg:deb/ubuntu/gnome-keyring

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.16.0-4ubuntu2

3.18.3-0ubuntu2

3.18.3-0ubuntu2.1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-19358.json"

Ubuntu:Pro:18.04:LTS / gnome-keyring

Package

Name: gnome-keyring
Purl: pkg:deb/ubuntu/gnome-keyring

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.20.1-1ubuntu1

3.27.4-1ubuntu1

3.27.4-2ubuntu1

3.28.0.1-1ubuntu1

3.28.0.2-1ubuntu1

3.28.0.2-1ubuntu1.18.04.1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-19358.json"

Ubuntu:20.04:LTS / gnome-keyring

Package

Name: gnome-keyring
Purl: pkg:deb/ubuntu/gnome-keyring

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.34.0-1ubuntu1

3.35.90-1ubuntu1

3.36.0-1ubuntu1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-19358.json"

Ubuntu:22.04:LTS / gnome-keyring

Package

Name: gnome-keyring
Purl: pkg:deb/ubuntu/gnome-keyring

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

40.*

40.0-1ubuntu1

40.0-1ubuntu2

40.0-3ubuntu1

40.0-3ubuntu2

40.0-3ubuntu3

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-19358.json"

Ubuntu:24.04:LTS / gnome-keyring

Package

Name: gnome-keyring
Purl: pkg:deb/ubuntu/gnome-keyring

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

42.*

42.1-1

42.1-2

46.*

46.1-1

46.1-1build1

46.1-2build1

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-19358.json"