Vulnerability Description
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Keybase | Keybase | < 2.8.0-20181023124437 |
Related Weaknesses (CWE)
References
- https://blog.mirch.io/2018/12/21/cve-2018-18629-keybase-linux-privilege-escalatiExploitThird Party Advisory
- https://hackerone.com/reports/426944ExploitPatchThird Party Advisory
- https://keybase.io/docs/secadv/kb002ExploitVendor Advisory
- https://blog.mirch.io/2018/12/21/cve-2018-18629-keybase-linux-privilege-escalatiExploitThird Party Advisory
- https://hackerone.com/reports/426944ExploitPatchThird Party Advisory
- https://keybase.io/docs/secadv/kb002ExploitVendor Advisory
FAQ
What is CVE-2018-18629?
CVE-2018-18629 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivile...
How severe is CVE-2018-18629?
CVE-2018-18629 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18629?
Check the references section above for vendor advisories and patch information. Affected products include: Keybase Keybase.