Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2018/12/21 5:49 p.m.6 views

ch.sourcepond.commons:smartswitch-tests (>=2.0.0 <=4.0.2), ch.sourcepond.io:checksum-tests (>=1.0.3 <=4.0.3) +39 more potentially affected by CVE-2018-11786 via org.apache.karaf:apache-karaf (>=2.0.0 <=4.1.6)

org.apache.karaf:apache-karaf MAVEN version =2.0.0, =2.0.0, =1.0.3, =1.0.0, =1.0.0, =1.5, =1.5.6, =4.4.1, =1.1.2, =1.0.0, =2.0.0, =2.0.6, =4.1.5.hyte-4005, =4.1.6.hyte-4006 and more Source cves: CVE-2018-11786 Source advisory: OSV:GHSA-9448-C9WQ-JG9V...

9CVSS7.2AI score0.01904EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2018/09/20 9:19 a.m.24 views

CVE-2018-11786

In Karaf prior to version 4.2.0, arbitrary file read and write, in additional to arbitrary command execution, is possible via the Karaf ssh console, if enabled...

9CVSS7.2AI score0.01904EPSS
Exploits0References2
NVD
NVD
added 2018/09/18 2:29 p.m.25 views

CVE-2018-11786

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a...

9CVSS8.6AI score0.01904EPSS
Exploits0References3
CVE
CVE
added 2018/09/18 2:0 p.m.86 views

CVE-2018-11786

Apache Karaf prior to 4.2.0 is vulnerable: if the sshd service is left enabled, any user with Karaf console rights can pivot to read/write files accessible to the Karaf process user. The issue stems from insufficient isolation once an administrator session is active, allowing privilege elevation ...

9CVSS8.5AI score0.01904EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder