{"id":"UBUNTU-CVE-2018-20781","details":"In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.","modified":"2026-02-04T03:06:11.830740Z","published":"2019-02-12T00:00:00Z","related":["USN-3894-1"],"upstream":["CVE-2018-20781"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20781"},{"type":"REPORT","url":"https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3894-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-20781"}],"affected":[{"package":{"name":"gnome-keyring","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/gnome-keyring@3.10.1-1ubuntu4.4?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.1-1ubuntu4.4"}]}],"versions":["3.8.2-0ubuntu3","3.10.1-1ubuntu3","3.10.1-1ubuntu4","3.10.1-1ubuntu4.1","3.10.1-1ubuntu4.2","3.10.1-1ubuntu4.3"],"ecosystem_specific":{"binaries":[{"binary_name":"gnome-keyring","binary_version":"3.10.1-1ubuntu4.4"},{"binary_name":"libp11-kit-gnome-keyring","binary_version":"3.10.1-1ubuntu4.4"},{"binary_name":"libpam-gnome-keyring","binary_version":"3.10.1-1ubuntu4.4"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-20781.json"}},{"package":{"name":"gnome-keyring","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/gnome-keyring@3.18.3-0ubuntu2.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.3-0ubuntu2.1"}]}],"versions":["3.16.0-4ubuntu2","3.18.3-0ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"gnome-keyring","binary_version":"3.18.3-0ubuntu2.1"},{"binary_name":"libp11-kit-gnome-keyring","binary_version":"3.18.3-0ubuntu2.1"},{"binary_name":"libpam-gnome-keyring","binary_version":"3.18.3-0ubuntu2.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-20781.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}