Home > Vulnerability Database > CVE-2019-13179

Mend.io Vulnerability Database

CVE-2019-13179

Date: July 2, 2019

Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption.

Language: C++

Severity Score

7.5

Related Resources (14)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q57BOTBA2J5U4GVKUP7N2PD5H7B3BVUU/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2ZDQRGBGRVRW5LPJWKUNS3M66LZ3KYC/

Url: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096

Url: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1726542

Url: https://security-tracker.debian.org/tracker/CVE-2019-13179

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q57BOTBA2J5U4GVKUP7N2PD5H7B3BVUU/

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-13179

Url: https://calamares.io/calamares-3.2.11-is-out/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2ZDQRGBGRVRW5LPJWKUNS3M66LZ3KYC/

Url: https://github.com/calamares/calamares/issues/1191

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13179

Url: https://calamares.io/calamares-cve-2019/

Url: https://www.mend.io/vulnerability-database/CVE-2019-13179

Severity Score

7.5

Weakness Type (CWE)

Permission Issues

CWE-275

Insufficiently Protected Credentials

CWE-522

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-13179

Date: July 2, 2019

Language: C++

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?