CVE-2019-13179 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-13179 Interim 1 5 2025-02-17T02:02:52Z current 2021-05-30T14:29:10Z 2025-02-17T02:02:52Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-13179 Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption. CVE-2019-13179 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N