What is CVE-2018-11786?

CVE-2018-11786 is a high-severity vulnerability in Apache Karaf, classified under Improper Privilege Management. CVSS score: 8.8/10. Published 2018-09-18.

How severe is CVE-2018-11786?

High severity. CVSS v3 base score is 8.8 out of 10.

Privilege escalation in Apache Karaf

CVE-2018-11786

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which th…

Vulnerability class: Privilege Escalation

EPSS: 0.019 (77.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Apache Karaf
Apache Software Foundation Karaf — versions prior to 4.2.0 release

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (x_refsource_CONFIRM, Patch, Issue Tracking, Vendor Advisory)
security@apache.org (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2018-11786?: CVE-2018-11786 is a high-severity vulnerability in Apache Karaf, classified under Improper Privilege Management. CVSS score: 8.8/10. Published 2018-09-18.
How severe is CVE-2018-11786?: High severity. CVSS v3 base score is 8.8 out of 10.