Lucene search
Ubuntu.comUB:CVE-2024-36472HistoryMay 28, 2024 - 12:00 a.m.
CVE-2024-36472
2024-05-2800:00:00
ubuntu.com
ubuntu.com
72
gnome shell
automatic launch
untrusted javascript
network responses
resource consumption
cve-2024-36472
wi-fi network
6.3 Medium
AI Score
Confidence
Low
In GNOME Shell through 45.7, a portal helper can be launched automatically
(without user confirmation) based on network responses provided by an
adversary (e.g., an adversary who controls the local Wi-Fi network), and
subsequently loads untrusted JavaScript code, which may lead to resource
consumption or other impacts depending on the JavaScript code’s behavior.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072124>
- <https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7666 (context)>
- <https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688>
Notes
| Author | Note |
|---|---|
| mdeslaur | as of 2024-06-03, there is no upstream fix for this issue |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | gnome-shell | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | gnome-shell | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | gnome-shell | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | gnome-shell | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | gnome-shell | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | gnome-shell | < any | UNKNOWN |
Related
cvelist
cvelist
CVE-2024-36472
1976-01-01 00:00:00
redhatcve
redhatcve
CVE-2024-36472
2024-05-29 08:50:22
cve
cve
CVE-2024-36472
2024-05-28 16:15:17
CVE-2023-50977
2024-05-27 14:15:09
nvd
nvd
CVE-2024-36472
2024-05-28 16:15:17
CVE-2023-50977
2024-05-27 14:15:09
debiancve
debiancve
CVE-2024-36472
2024-05-28 16:15:17
osv
osv
CVE-2024-36472
2024-05-28 16:15:17
nessus
nessus
GNOME Shell <= 45.7 Code Execution in Portal Helper (CVE-2024-36472)
2024-05-31 00:00:00