1. Home
  2. CVE Database
  3. CVE-2019-12210
HIGH · 8.1

CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descri...

Vulnerability Description

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
YubicoPam-U2F1.0.7

References

FAQ

What is CVE-2019-12210?

CVE-2019-12210 is a vulnerability with a CVSS score of 8.1 (HIGH). In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descri...

How severe is CVE-2019-12210?

CVE-2019-12210 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-12210?

Check the references section above for vendor advisories and patch information. Affected products include: Yubico Pam-U2F.