Lucene search
Veracode Vulnerability DatabaseVERACODE:7500HistorySep 19, 2018 - 1:52 a.m.
Arbitrary File Read And Write
2018-09-1901:52:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
EPSS
0.002
Percentile
55.0%
org.apache.karaf.shell.core is vulnerable to arbitrary file read and write. A user with rights to the Karaf console is able to read or write any file on the file system, which would allow an attacker with access to the sshd service to abuse the vulnerability to read or write arbitrary files on the file system to which the Karaf process user has access.
References
karaf.apache.org/security/cve-2018-11786.txt
gitbox.apache.org/repos/asf?p=karaf.git;h=24fb477
github.com/apache/karaf/commit/24fb477ea886e8f294dedbad98d2a2c4cb2a44f9
issues.apache.org/jira/browse/KARAF-5427
lists.apache.org/thread.html/5b7ac762c6bbe77ac5d9389f093fc6dbf196c36d788e3d7629e6c1d9@%3Cdev.karaf.apache.org%3E
Related
osv
osv
CVE-2018-11786
2018-09-18 14:29:00
Improper Privilege Management in Apache Karaf
2018-12-21 17:49:33
github
github
Improper Privilege Management in Apache Karaf
2018-12-21 17:49:33
redhatcve
redhatcve
CVE-2018-11786
2018-09-20 09:19:33
nvd
nvd
CVE-2018-11786
2018-09-18 14:29:00
prion
prion
Design/Logic Flaw
2018-09-18 14:29:00
cvelist
cvelist
CVE-2018-11786
2018-09-18 14:00:00
cve
cve
CVE-2018-11786
2018-09-18 14:29:00