In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Created libgnome-keyring tracking bugs for this issue:
Affects: fedora-all [bug 1677289]
To exploit this flaw, an attacker would need to read the memory of a local process under the uid of the target user. While exposing the user's password is significant, having this capacity puts the attacker definitively "within the gates" and already in a position to steal sensitive data if not worse. Thus downgrading severity to Low.
libgnome-keyring is not affected by this issue.