Vulnerability CVE-2018-1000858

Vulnerability Name:

CVE-2018-1000858 (CCN-154528)

Assigned:

2018-11-23

Published:

2018-11-23

Updated:

2019-02-13

Summary:

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

5.4 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)
4.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-352

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2018-1000858

Source: XF
Type: UNKNOWN
gnupg-cve20181000858-csrf(154528)

Source: CCN
Type: SektionEins GmbH Advisory 01/2018
Multiple vulnerabilities in GnuPG/dirmngr regarding WKD

Source: MISC
Type: Exploit, Third Party Advisory
https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html

Source: MISC
Type: Third Party Advisory
https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html

Source: UBUNTU
Type: Third Party Advisory
USN-3853-1

Source: CCN
Type: GnuPG Web site
GnuPG

Source: CCN
Type: IBM Security Bulletin 6520474 (QRadar SIEM)
IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-1000858

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnupg:gnupg:*:*:*:*:*:*:*:* (Version >= 2.1.12 and <= 2.2.11)

Configuration 2:

cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnupg:gnupg:2.1.12:*:*:*:*:*:*:*

OR cpe:/a:gnupg:gnupg:2.2.11:*:*:*:*:*:*:*

AND

cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20181000858	V	CVE-2018-1000858	2023-06-22
oval:org.opensuse.security:def:7482	P	dirmngr-2.2.27-150300.3.5.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:667	P	Security update for postgresql-jdbc (Moderate)	2022-08-03
oval:org.opensuse.security:def:2908	P	dirmngr-2.2.27-1.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94538	P	dirmngr-2.2.27-1.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:44	P	dirmngr-2.2.27-1.2 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:367	P	tar-1.34-150000.3.12.1 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:1376	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important)	2022-06-06
oval:org.opensuse.security:def:100436	P	(Important)	2022-03-15
oval:org.opensuse.security:def:973	P	Security update for chrony (Moderate)	2022-03-15
oval:org.opensuse.security:def:70854	P	Security update for busybox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:69759	P	Security update for python-Pygments (Important)	2021-12-01
oval:org.opensuse.security:def:61456	P	gpg2-2.2.5-4.6.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71197	P	gpg2-2.2.5-4.6.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103266	P	gpg2-2.2.5-4.6.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96576	P	gpg2-2.2.5-4.6.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:89611	P	gpg2-2.2.5-4.6.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:48354	P	yast2-users-3.2.19-1.16 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46903	P	bzip2-1.0.6-29.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48014	P	gdk-pixbuf-lang-2.34.0-19.17.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47217	P	busybox-1.21.1-3.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47893	P	strongswan-5.1.3-26.5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48116	P	libgme0-0.6.0-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47441	P	logwatch-7.4.3-15.65 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47908	P	ucode-intel-20180807a-13.35.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47803	P	libvirglrenderer0-0.5.0-11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48222	P	libwavpack1-4.60.99-5.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46889	P	apache-commons-httpclient-3.1-4.364 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47949	P	apache2-2.4.23-29.43.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47024	P	libgraphite2-3-1.3.1-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48045	P	ibus-chewing-1.4.14-4.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47349	P	libgoa-1_0-0-3.20.5-9.6 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47894	P	stunnel-5.00-4.3.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47589	P	cyrus-sasl-2.1.26-8.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48029	P	groff-1.22.2-5.287 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46888	P	apache-commons-daemon-1.0.15-4.181 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47887	P	shim-0.9-23.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:100820	P	dirmngr-2.2.27-1.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62062	P	dirmngr-2.2.27-1.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71803	P	dirmngr-2.2.27-1.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:48594	P	perl-5.18.2-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48892	P	argyllcms-1.6.3-3.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48446	P	ipsec-tools-0.8.0-15.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2014	P	kernel-default-livepatch-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48808	P	libwebkit2gtk-3_0-25-2.4.8-16.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48954	P	libwmf-0_2-7-0.2.8.4-242.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70967	P	libcroco-0.6.12-2.38 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48754	P	pulseaudio-module-bluetooth-5.0-2.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:69654	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:49121	P	Security update for containerd, docker, runc (Important)	2021-04-30
oval:org.opensuse.security:def:49054	P	rhythmbox-3.4-6.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116660	P	gpg2-2.2.5-4.14.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:93723	P	gpg2-2.2.5-4.14.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49019	P	libnautilus-extension1-32bit-3.20.3-23.12.10 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61756	P	gpg2-2.2.5-4.14.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71497	P	gpg2-2.2.5-4.14.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107102	P	gpg2-2.2.5-4.14.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49050	P	python-devel-2.7.13-28.31.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:64267	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66311	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:72976	P	Security update for ffmpeg (Important)	2020-12-01
oval:org.opensuse.security:def:73094	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66403	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67514	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:49108	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50397	P	Security update for taglib (Low)	2020-12-01
oval:org.opensuse.security:def:67614	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50451	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:64180	P	Security update for krb5 (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20204490	P	RHSA-2020:4490: gnupg2 security, bug fix, and enhancement update (Moderate)	2020-11-04
oval:com.ubuntu.xenial:def:201810008580000000	V	CVE-2018-1000858 on Ubuntu 16.04 LTS (xenial) - medium.	2018-12-20
oval:com.ubuntu.bionic:def:20181000858000	V	CVE-2018-1000858 on Ubuntu 18.04 LTS (bionic) - medium.	2018-12-20
oval:com.ubuntu.cosmic:def:20181000858000	V	CVE-2018-1000858 on Ubuntu 18.10 (cosmic) - medium.	2018-12-20
oval:com.ubuntu.cosmic:def:201810008580000000	V	CVE-2018-1000858 on Ubuntu 18.10 (cosmic) - medium.	2018-12-20
oval:com.ubuntu.trusty:def:20181000858000	V	CVE-2018-1000858 on Ubuntu 14.04 LTS (trusty) - medium.	2018-12-20
oval:com.ubuntu.bionic:def:201810008580000000	V	CVE-2018-1000858 on Ubuntu 18.04 LTS (bionic) - medium.	2018-12-20
oval:com.ubuntu.xenial:def:20181000858000	V	CVE-2018-1000858 on Ubuntu 16.04 LTS (xenial) - medium.	2018-12-20

BACK