Bug 1610877 (CVE-2018-14335)

Summary: CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aileenc, akurtako, alazarot, anstephe, apevec, bmaxwell, caniszczyk, cdewolf, chazlett, chrisw, csutherl, darran.lofthouse, dimitris, dosoudil, drieden, etirelli, fgavrilo, gvarsami, ibek, jawilson, jcoleman, jjoyce, jolee, jondruse, jschatte, jschluet, jshepherd, jstastny, kbasil, kconner, krathod, kverlaen, ldimaggi, lef, lgao, lhh, loleary, lpeer, markmc, mburns, mkolesni, myarboro, nwallace, paradhya, pdrozd, pgier, ppalaga, pslavice, psotirop, rbryant, rnetuka, rrajasek, rstancel, rsvoboda, rsynek, rwagner, rzhang, sclewis, sdaley, slinaber, spinder, sstavrev, sthorger, tcunning, tdecacqu, theute, tkirby, twalsh, vhalbert, vtunka
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-05 16:31:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1610878, 1611416, 1611418, 1611419, 1611420, 1611422    
Bug Blocks: 1610880    

Description Laura Pardo 2018-08-01 14:34:58 UTC 
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.


References:
https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20
Comment 1 Laura Pardo 2018-08-01 14:35:51 UTC 
Created h2 tracking bugs for this issue:

Affects: fedora-all [bug 1610878]
Comment 6 Joshua Padman 2019-05-15 22:57:52 UTC 
This vulnerability is out of security support scope for the following products:
 * Red Hat JBoss Fuse 6
 * Red Hat JBoss Fuse Service Works 6
 * Red Hat JBoss Operations Network 3
 * Red Hat JBoss SOA Platform 5
 * Red Hat JBoss BRMS 5
 * Red Hat JBoss Data Virtualization & Services 6
 * Red Hat JBoss BRMS 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Comment 10 errata-xmlrpc 2020-03-05 12:53:43 UTC 
This issue has been addressed in the following products:

  Red Hat Data Grid 7.3.3

Via RHSA-2020:0727 https://access.redhat.com/errata/RHSA-2020:0727
Comment 11 Product Security DevOps Team 2020-03-05 16:31:45 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-14335