cvedb.io
CVE-2018-19358
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2018-11-18T19:29:00.297 · Last modified 2026-06-17T01:49:11.677

Summary

GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.

Affected products

gnome — gnome-keyring

Does this affect you?

Add your gear to cvedb and we'll alert you only when gnome ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.