1610877 – (CVE-2018-14335) CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup

Bug 1610877 (CVE-2018-14335) - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup

Summary: CVE-2018-14335 h2: Information Exposure due to insecure handling of permissio...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-14335
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1610878 1611416 1611418 1611419 1611420 1611422
Blocks:	1610880
TreeView+	depends on / blocked

Reported:	2018-08-01 14:34 UTC by Laura Pardo
Modified:	2026-05-14 17:10 UTC (History)
CC List:	101 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2020-03-05 16:31:45 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:0727	0	None	None	None	2020-03-05 12:53:46 UTC

Description Laura Pardo 2018-08-01 14:34:58 UTC

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.


References:
https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20

Comment 1 Laura Pardo 2018-08-01 14:35:51 UTC

Created h2 tracking bugs for this issue:

Affects: fedora-all [bug 1610878]

Comment 6 Joshua Padman 2019-05-15 22:57:52 UTC

This vulnerability is out of security support scope for the following products:
 * Red Hat JBoss Fuse 6
 * Red Hat JBoss Fuse Service Works 6
 * Red Hat JBoss Operations Network 3
 * Red Hat JBoss SOA Platform 5
 * Red Hat JBoss BRMS 5
 * Red Hat JBoss Data Virtualization & Services 6
 * Red Hat JBoss BRMS 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 10 errata-xmlrpc 2020-03-05 12:53:43 UTC

This issue has been addressed in the following products:

  Red Hat Data Grid 7.3.3

Via RHSA-2020:0727 https://access.redhat.com/errata/RHSA-2020:0727

Comment 11 Product Security DevOps Team 2020-03-05 16:31:45 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-14335

Note You need to log in before you can comment on or make changes to this bug.

aileenc
akurtako
alazarot
anstephe
apevec
aschwart
asoldano
aszczucz
bbaranow
bmaxwell
boliveir
bstansbe
caniszczyk
cdewolf
chazlett
chrisw
csutherl
darran.lofthouse
dimitris
dlofthou
dosoudil
drichtar
drieden
eglynn
etirelli
fgavrilo
gmalinko
gvarsami
ibek
istudens
ivassile
iweiss
janstey
jawilson
jcoleman
jjoyce
jolee
jondruse
jpretori
jschatte
jschluet
jshepherd
jstastny
kbasil
kconner
krathod
kverlaen
ldimaggi
lgao
lhh
loleary
lpeer
markmc
mburns
mgarciac
mkolesni
mosmerov
mposolda
msvehla
myarboro
nwallace
paradhya
pberan
pdelbell
pdrozd
pesilva
pgier
pjindal
pmackay
ppalaga
pslavice
psotirop
rbryant
rmartinc
rnetuka
rrajasek
rstancel
rstepani
rsvoboda
rsynek
rwagner
rzhang
sclewis
scohen
sdaley
slinaber
smaestri
spinder
ssilvert
sstavrev
sthorger
tcunning
tdecacqu
theute
thjenkin
tkirby
twalsh
vdosoudi
vhalbert
vmuzikar
vtunka