CVE-2018-11786

HIGH

Apache Karaf < 4.2.0 - Unauthenticated Arbitrary File Read and Write via SSH Console

Title source: llm

Description

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user.

References (3)

Core 3

Core References

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/5b7ac762c6bbe77ac5d9389f093fc6dbf196c36d788e3d7629e6c1d9%40%3Cdev.karaf.apache.org%3E

Issue Tracking, Patch, Vendor Advisory x_refsource_confirm

https://issues.apache.org/jira/browse/KARAF-5427

Patch, Vendor Advisory x_refsource_confirm

http://karaf.apache.org/security/cve-2018-11786.txt

Scores

CVSS v3 8.8

EPSS 0.0076

EPSS Percentile 73.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (2)

apache/karaf < 4.2.0

org.apache.karaf/apache-karaf 0 - 4.2.0Maven

Published Sep 18, 2018

Tracked Since Feb 18, 2026