2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
4.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
0.0004 Low
EPSS
Percentile
12.9%
A bug in Bluez may allow for the Bluetooth Discoverable state being set to
on when no Bluetooth agent is registered with the system. This situation
could lead to the unauthorized pairing of certain Bluetooth devices without
any form of authentication. Versions before bluez 5.51 are vulnerable.
Author | Note |
---|---|
mdeslaur | actual bug in bluez, but there is a work-around in gnome-bluetooth https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89 gnome-bluetooth <=3.26 used synchronous d-bus calls, so the issue doesn’t present itself the bluez patches add new functionnality that newer versions of gnome-bluetooth can use to fix this issue. Since the workaround was applied to gnome-bluetooth, we aren’t going to add these commits to bluez. Marking as ignored. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | gnome-bluetooth | < 3.28.0-2ubuntu0.1 | UNKNOWN |
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
4.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
0.0004 Low
EPSS
Percentile
12.9%