Unrated severityNVD Advisory· Published Nov 8, 2018· Updated Aug 5, 2024
CVE-2018-19046
CVE-2018-19046
Description
keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: = 2.0.8
- osv-coords2 versionspkg:rpm/opensuse/keepalived&distro=openSUSE%20Tumbleweedpkg:rpm/suse/keepalived&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1
< 2.2.2-4.2+ 1 more
- (no CPE)range: < 2.2.2-4.2
- (no CPE)range: < 2.0.19-3.3.1
Patches
Vulnerability mechanics
References
3- security.gentoo.org/glsa/201903-01mitrevendor-advisoryx_refsource_GENTOO
- bugzilla.suse.com/show_bug.cgimitrex_refsource_MISC
- github.com/acassen/keepalived/issues/1048mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.