What is CVE-2018-15687?

CVE-2018-15687 is a high-severity vulnerability in Systemd. CVSS score: 7.8/10. Published 2018-10-26.

How severe is CVE-2018-15687?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Systemd

CVE-2018-15687

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

EPSS: 0.004 (59.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Systemd — versions unspecified

References

GLSA-201810-10 (vendor-advisory, x_refsource_GENTOO)
github.com/systemd/systemd/pull/10517/commits (x_refsource_MISC)
105748 (vdb-entry, x_refsource_BID)
USN-3816-1 (x_refsource_UBUNTU, vendor-advisory)
45715 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2018-15687?: CVE-2018-15687 is a high-severity vulnerability in Systemd. CVSS score: 7.8/10. Published 2018-10-26.
How severe is CVE-2018-15687?: High severity. CVSS v3 base score is 7.8 out of 10.