Vulnerability Description
In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Keybase | Keybase | < 2.12.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106824 (Third Party Advisory, VDB Entry)
- https://hackerone.com/reports/471739 (Exploit, Patch, Third Party Advisory)
- https://keybase.io/docs/secadv/kb004 (Exploit, Patch, Vendor Advisory)
FAQ
What is CVE-2019-7249?
CVE-2019-7249 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with...
How severe is CVE-2019-7249?
CVE-2019-7249 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-7249?
Check the references section above for vendor advisories and patch information. Affected products include: Keybase Keybase.