In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
https://www.oracle.com/security-alerts/cpujan2021.html
https://usn.ubuntu.com/3894-1/
https://github.com/huntergregal/mimipenguin/tree/d95f1e08ce79783794f38433bbf7de5abd9792da
https://github.com/huntergregal/mimipenguin
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919
https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2
https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3
https://bugzilla.gnome.org/show_bug.cgi?id=781486
Source: Mitre, NVD
Published: 2019-02-12
Updated: 2024-11-21
Base Score: 2.1
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
Severity: Low
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
EPSS: 0.04708