ghsa-whx7-c8j2-42vv
Vulnerability from github
Published
2022-05-24 16:47
Modified
2022-05-24 16:47
Details
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)
{ "affected": [], "aliases": [ "CVE-2019-12795" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-06-11T22:29:00Z", "severity": "HIGH" }, "details": "daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)", "id": "GHSA-whx7-c8j2-42vv", "modified": "2022-05-24T16:47:47Z", "published": "2022-05-24T16:47:47Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12795" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3553" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2" }, { "type": "WEB", "url": "https://usn.ubuntu.com/4053-1" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/108741" } ], "schema_version": "1.4.0", "severity": [] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.