4 matches found
ch.sourcepond.commons:smartswitch-tests (>=2.0.0 <=4.0.2), ch.sourcepond.io:checksum-tests (>=1.0.3 <=4.0.3) +39 more potentially affected by CVE-2018-11786 via org.apache.karaf:apache-karaf (>=2.0.0 <=4.1.6)
org.apache.karaf:apache-karaf MAVEN version =2.0.0, =2.0.0, =1.0.3, =1.0.0, =1.0.0, =1.5, =1.5.6, =4.4.1, =1.1.2, =1.0.0, =2.0.0, =2.0.6, =4.1.5.hyte-4005, =4.1.6.hyte-4006 and more Source cves: CVE-2018-11786 Source advisory: OSV:GHSA-9448-C9WQ-JG9V...
CVE-2018-11786
In Karaf prior to version 4.2.0, arbitrary file read and write, in additional to arbitrary command execution, is possible via the Karaf ssh console, if enabled...
CVE-2018-11786
In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a...
CVE-2018-11786
Apache Karaf prior to 4.2.0 is vulnerable: if the sshd service is left enabled, any user with Karaf console rights can pivot to read/write files accessible to the Karaf process user. The issue stems from insufficient isolation once an administrator session is active, allowing privilege elevation ...