Lucene search

Veracode Vulnerability DatabaseVERACODE:21827

HistoryNov 06, 2019 - 12:21 a.m.

Authorization Bypass

2019-11-0600:21:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

gvfs is has an improper authorization flaw in daemon/gvfsdaemon.c in gvfsd.

CPENameOperatorVersion
gnome-desktop3eq3.28.2__1.el8
plymoutheq0.9.3__12.el8
sdleq1.2.15__32.el8
gnome-remote-desktopeq0.1.6__3.el8
nautiluseq3.28.1__5.el8
pidgineq2.13.0__4.el8
gdmeq3.28.3__20.el8
gnome-softwareeq3.30.6__1.el8
appstream-dataeq8__20180721.el8
appstream-dataeq8__20190215.el8_0

Name	Operator	Version
gnome-desktop3	eq	3.28.2__1.el8
plymouth	eq	0.9.3__12.el8
sdl	eq	1.2.15__32.el8
gnome-remote-desktop	eq	0.1.6__3.el8
nautilus	eq	3.28.1__5.el8
pidgin	eq	2.13.0__4.el8
gdm	eq	3.28.3__20.el8
gnome-software	eq	3.30.6__1.el8
appstream-data	eq	8__20180721.el8
appstream-data	eq	8__20190215.el8_0

Rows per page:

1-10 of 581

References

lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html

lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html

www.securityfocus.com/bid/108741

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

access.redhat.com/errata/RHSA-2019:3553

access.redhat.com/security/updates/classification/#low

bugzilla.redhat.com/show_bug.cgi?id=1662193

bugzilla.redhat.com/show_bug.cgi?id=1667136

bugzilla.redhat.com/show_bug.cgi?id=1673011

bugzilla.redhat.com/show_bug.cgi?id=1674382

bugzilla.redhat.com/show_bug.cgi?id=1679127

bugzilla.redhat.com/show_bug.cgi?id=1680164

bugzilla.redhat.com/show_bug.cgi?id=1685811

bugzilla.redhat.com/show_bug.cgi?id=1687949

bugzilla.redhat.com/show_bug.cgi?id=1690506

bugzilla.redhat.com/show_bug.cgi?id=1696708

bugzilla.redhat.com/show_bug.cgi?id=1698520

bugzilla.redhat.com/show_bug.cgi?id=1698884

bugzilla.redhat.com/show_bug.cgi?id=1698923

bugzilla.redhat.com/show_bug.cgi?id=1698929

bugzilla.redhat.com/show_bug.cgi?id=1698930

bugzilla.redhat.com/show_bug.cgi?id=1704355

bugzilla.redhat.com/show_bug.cgi?id=1704360

bugzilla.redhat.com/show_bug.cgi?id=1704378

bugzilla.redhat.com/show_bug.cgi?id=1705583

bugzilla.redhat.com/show_bug.cgi?id=1706793

bugzilla.redhat.com/show_bug.cgi?id=1709937

bugzilla.redhat.com/show_bug.cgi?id=1713080

bugzilla.redhat.com/show_bug.cgi?id=1713330

bugzilla.redhat.com/show_bug.cgi?id=1713453

bugzilla.redhat.com/show_bug.cgi?id=1713685

bugzilla.redhat.com/show_bug.cgi?id=1715738

bugzilla.redhat.com/show_bug.cgi?id=1715761

bugzilla.redhat.com/show_bug.cgi?id=1715765

bugzilla.redhat.com/show_bug.cgi?id=1716771

bugzilla.redhat.com/show_bug.cgi?id=1718133

bugzilla.redhat.com/show_bug.cgi?id=1719241

bugzilla.redhat.com/show_bug.cgi?id=1719279

bugzilla.redhat.com/show_bug.cgi?id=1719779

bugzilla.redhat.com/show_bug.cgi?id=1720481

bugzilla.redhat.com/show_bug.cgi?id=1721195

bugzilla.redhat.com/show_bug.cgi?id=1721575

bugzilla.redhat.com/show_bug.cgi?id=1722047

bugzilla.redhat.com/show_bug.cgi?id=1722844

bugzilla.redhat.com/show_bug.cgi?id=1723467

bugzilla.redhat.com/show_bug.cgi?id=1723836

bugzilla.redhat.com/show_bug.cgi?id=1724551

bugzilla.redhat.com/show_bug.cgi?id=1725101

bugzilla.redhat.com/show_bug.cgi?id=1725107

bugzilla.redhat.com/show_bug.cgi?id=1725120

bugzilla.redhat.com/show_bug.cgi?id=1725555

bugzilla.redhat.com/show_bug.cgi?id=1725741

bugzilla.redhat.com/show_bug.cgi?id=1725766

bugzilla.redhat.com/show_bug.cgi?id=1725854

bugzilla.redhat.com/show_bug.cgi?id=1726093

bugzilla.redhat.com/show_bug.cgi?id=1726656

bugzilla.redhat.com/show_bug.cgi?id=1728277

bugzilla.redhat.com/show_bug.cgi?id=1731372

bugzilla.redhat.com/show_bug.cgi?id=1735382

bugzilla.redhat.com/show_bug.cgi?id=1737326

bugzilla.redhat.com/show_bug.cgi?id=1739116

bugzilla.redhat.com/show_bug.cgi?id=1739117

bugzilla.redhat.com/show_bug.cgi?id=1741547

gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a

gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f

gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe

lists.debian.org/debian-lts-announce/2019/06/msg00014.html

lists.fedoraproject.org/archives/list/[email protected]/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/

lists.fedoraproject.org/archives/list/[email protected]/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/

usn.ubuntu.com/4053-1/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:21827