CVE-2018-11786: Improper Privilege Management
In Apache Karaf, if the sshd service is left on so that an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access.