CVE-2018-14335
PUBLISHED
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
Risk Scores
EPSS Score: 8.45% (92.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | h2database | 0, 1.4.185-1, 1.4.185-2 |
| Ubuntu:20.04:LTS | h2database | 1.4.197-4, 1.4.197-4+deb10u1build0.20.04.1, 0 |
| Ubuntu:Pro:18.04:LTS | h2database | 0, 1.4.196-2, 1.4.196-2ubuntu0.1~esm1 |
Exploit Intelligence
- https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20 (nist-nvd)
- https://www.exploit-db.com/exploits/45105/ (nist-nvd)
- H2 Database 1.4.197 - Information Disclosure Exploit (0day-today)
- dependency-check-suppression.xml (github-poc)
- dependency-check-suppress.xml (github-poc)
…and 2 more exploits
Timeline
- Jul 24, 2018 CVE Published
- Jul 30, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-14335 third-party-advisory
- https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-14335 third-party-advisory