Gnome Keyring
By the Year
In 2024 there have been 0 vulnerabilities in Gnome Keyring . Gnome Keyring did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.80 |
| 2018 | 1 | 7.80 |
It may take a day or so for new Gnome Keyring vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gnome Keyring Security Vulnerabilities
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned
CVE-2018-20781
7.8 - High
- February 12, 2019
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Insufficiently Protected Credentials
GNOME Keyring through 3.28.2
CVE-2018-19358
7.8 - High
- November 18, 2018
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Gnome Keyring or by GNOME? Click the Watch button to subscribe.
