opensc is vulnerable to incorrect permission check. It allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running.
CPE | Name | Operator | Version |
---|---|---|---|
gvfs | eq | 1.30.4__5.el7 | |
gvfs | eq | 1.36.2__1.el7 |
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:1517
access.redhat.com/errata/RHSA-2019:2145
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1619719
bugzilla.redhat.com/show_bug.cgi?id=1632960
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827
gitlab.gnome.org/GNOME/gvfs/merge_requests/31