The vulnerability lies in the implementation of the PrintData or PrintStats functions in the network traffic balancing system’s Keepalived component. This allows attackers to gain access to the protected information.

The vulnerability of the PrintData or PrintStats implementation in the network traffic balancing system of Keepalived lies in the lack of protection for service data when the MODE=“0666” mode is used. Exploiting this vulnerability can allow an attacker to gain access to the protected information...

Medium: libcgroup

Issue Overview: libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.CVE-2018-14348 Affected Packages: libcgroup Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

CVE-2018-19045

keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information...

DEBIAN-CVE-2018-14348

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information...