{"id":"CVE-2018-19358","details":"GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.","modified":"2026-04-10T04:07:34.290379Z","published":"2018-11-18T19:29:00.297Z","references":[{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652194#c8"},{"type":"REPORT","url":"https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/5#note_1876550"},{"type":"EVIDENCE","url":"https://github.com/sungjungk/keyring_crack"},{"type":"EVIDENCE","url":"https://www.youtube.com/watch?v=Do4E9ZQaPck"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/gnome-keyring","events":[{"introduced":"0"},{"last_affected":"c2b54cdd3498ca443fbcb6dc66ff2e6e7b3c44b0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.28.2"}]}}],"versions":["0.17.4","2.91.2","2.91.3","2.91.4","2.91.91","3.1.1","3.1.4","3.1.90","3.1.91","3.1.92","3.10.0","3.10.1","3.11.92","3.12.0","3.12.2","3.13.91","3.14.0","3.15.90","3.15.92","3.16.0","3.17.4","3.17.91","3.18.0","3.18.1","3.18.2","3.18.3","3.19.4","3.19.90","3.20.0","3.27.2","3.27.4","3.27.92","3.28.0","3.28.0.1","3.28.0.2","3.28.2","3.3.1","3.3.1.1","3.3.2","3.3.3","3.3.3.1","3.3.4","3.3.5","3.3.91","3.3.92","3.4.0","3.5.3","3.5.4","3.5.5","3.5.90","3.5.91","3.5.92","3.6.0","3.6.1","3.7.1","3.7.2","3.7.5","3.7.91","3.7.92","3.8.0","3.8.1","3.9.1","3.9.90","GNOME_2_12_BRANCHPOINT","GNOME_2_14_BRANCHPOINT","GNOME_2_16_BRANCHPOINT","GNOME_2_6_BRANCHPOINT","GNOME_KEYRING_0_1","GNOME_KEYRING_0_1_3","GNOME_KEYRING_0_1_4","GNOME_KEYRING_0_1_90","GNOME_KEYRING_0_1_91","GNOME_KEYRING_0_2_0","GNOME_KEYRING_0_2_1","GNOME_KEYRING_0_3_1","GNOME_KEYRING_0_3_2","GNOME_KEYRING_0_3_3","GNOME_KEYRING_0_4_0","GNOME_KEYRING_0_4_1","GNOME_KEYRING_0_4_2","GNOME_KEYRING_0_4_3","GNOME_KEYRING_0_4_4","GNOME_KEYRING_0_4_5","GNOME_KEYRING_0_4_6","GNOME_KEYRING_0_4_7","GNOME_KEYRING_0_4_8","GNOME_KEYRING_0_4_9","GNOME_KEYRING_0_5_1","GNOME_KEYRING_0_5_2","GNOME_KEYRING_0_6_0","GNOME_KEYRING_0_7_1","GNOME_KEYRING_0_7_2","GNOME_KEYRING_0_7_3","GNOME_KEYRING_0_7_91","GNOME_KEYRING_0_7_92","GNOME_KEYRING_0_8","GNOME_KEYRING_2_19_4","GNOME_KEYRING_2_19_4_1","GNOME_KEYRING_2_19_5","GNOME_KEYRING_2_19_6_1","GNOME_KEYRING_2_19_90","GNOME_KEYRING_2_19_91","GNOME_KEYRING_2_20","GNOME_KEYRING_2_20_1","GNOME_KEYRING_2_21_3","GNOME_KEYRING_2_21_3_1","GNOME_KEYRING_2_21_3_2","GNOME_KEYRING_2_21_4","GNOME_KEYRING_2_21_5","GNOME_KEYRING_2_21_90","GNOME_KEYRING_2_21_91","GNOME_KEYRING_2_21_92","GNOME_KEYRING_2_22_0","GNOME_KEYRING_2_22_1","GNOME_KEYRING_2_22_2","GNOME_KEYRING_2_23_5","GNOME_KEYRING_2_23_92","GNOME_KEYRING_2_24_0","GNOME_KEYRING_2_24_1","GNOME_KEYRING_2_25_1","GNOME_KEYRING_2_25_2","GNOME_KEYRING_2_25_4","GNOME_KEYRING_2_25_4_1","GNOME_KEYRING_2_25_4_2","GNOME_KEYRING_2_25_5","GNOME_KEYRING_2_25_90","GNOME_KEYRING_2_25_91","GNOME_KEYRING_2_25_92","GNOME_KEYRING_2_26_0","GNOME_KEYRING_2_27_4","GNOME_KEYRING_2_27_5","GNOME_KEYRING_2_27_90","GNOME_KEYRING_2_27_92","GNOME_KEYRING_2_28_0","GNOME_KEYRING_2_28_1","GNOME_KEYRING_2_28_2","GNOME_KEYRING_2_29_4","GNOME_KEYRING_2_29_5","GNOME_KEYRING_2_29_90","GNOME_KEYRING_2_29_92","GNOME_KEYRING_2_30_0","GNOME_KEYRING_2_30_1","GNOME_KEYRING_2_31_4","GNOME_KEYRING_2_31_91","GNOME_KEYRING_2_31_92","GNOME_KEYRING_2_32_0","GNOME_KEYRING_2_3_91","GNOME_KEYRING_2_91_0","GNOME_KEYRING_2_91_1","initial_import"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19358.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}