7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
7.2 High
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
52.0%
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 16.04 | |
ubuntu_linux | eq | 18.04 | |
ubuntu_linux | eq | 18.10 | |
ubuntu_linux | eq | 19.04 | |
fedora | eq | 29 | |
fedora | eq | 30 | |
gvfs | ge | 1.29.4 | |
gvfs | le | 1.41.2 | |
leap | eq | 15.0 | |
leap | eq | 15.1 |
lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html
lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html
www.openwall.com/lists/oss-security/2019/07/09/3
gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80
lists.fedoraproject.org/archives/list/[email protected]/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/
lists.fedoraproject.org/archives/list/[email protected]/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/
usn.ubuntu.com/4053-1/
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
7.2 High
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
52.0%