CVE-2018-18629

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
References
Link Resource
https://blog.mirch.io/2018/12/21/cve-2018-18629-keybase-linux-privilege-escalation/ Exploit Third Party Advisory
https://hackerone.com/reports/426944 Exploit Patch Third Party Advisory
https://keybase.io/docs/secadv/kb002 Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:keybase:keybase:*:*:*:*:*:linux:*:*

History

No history.

Information

Published : 2018-12-20 23:29

Updated : 2024-02-04 20:03


NVD link : CVE-2018-18629

Mitre link : CVE-2018-18629

CVE.ORG link : CVE-2018-18629


JSON object : View

Products Affected

keybase

  • keybase
CWE
CWE-426

Untrusted Search Path