CVE-2018-14348

HIGH

libcgroup <= 0.41 - Exposure of Sensitive Information via Log File Permissions

Title source: llm
STIX 2.1

Description

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.

References (6)

Core 6
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1100365
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/08/msg00019.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2047

Scores

CVSS v3 8.1
EPSS 0.0232
EPSS Percentile 81.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-200
Status published
Products (3)
debian/debian_linux 8.0
fedoraproject/fedora 28
libcgroup_project/libcgroup < 0.41
Published Aug 14, 2018
Tracked Since Feb 18, 2026