Once you have setup using the walkthrough below, the following metadata will become available in PagerDuty:
CUSTOM DETAILS | |
---|---|
created | 2019-11-21T04:47:09.837Z |
cve | CVE-2019-19126 |
description | On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. |
impacted_artifacts | [ { "depth": 0, "display_name": "connector:0.8.0", "infected_files": [ { "depth": 0, "display_name": "debian:buster:libc6:2.28-10", "name": "libc6:2.28-10", "parent_sha": "9411f38bb959244da6cb01b9baeb079f9e5193832ad5c7b4ad3aa45301f50e1c", "path": "", "pkg_type": "Debian", "sha256": "30fe03584a947466c61145df3cd7ea3c0503aa319b8bc913f373701fdff44e85" } ], "name": "manifest.json", "parent_sha": "6537920ab5240121a74713c46c3f5a3f0a13db43fe16684be6db91dd21706501", "path": "default/integrations/connector/0.8.0/", "pkg_type": "Docker", "sha1": "", "sha256": "6537920ab5240121a74713c46c3f5a3f0a13db43fe16684be6db91dd21706501" } ] |
provider | JFrog |
severity | Low |
summary | On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. |
type | security |
policy | PD_Test-2-policy |
watch | PD_Test-2-Watch |