Information Exposure Vulnerability in GNOME NetworkManager by Red Hat
CVE-2018-1000135
7.5 HIGH
Summary
GNOME NetworkManager versions prior to 1.10.3 are vulnerable to an Information Exposure issue that can leak private DNS queries to local network DNS servers while a VPN is in use. This flaw compromises user privacy: sensitive DNS queries may be exposed, allowing malicious actors on the local network to track and analyze user activities. While some fixes were applied in specific Ubuntu 16.04 packages, subsequent updates removed these safeguards, leaving systems at risk. An upstream fix has not been made available, highlighting the need for urgent remediation steps.
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved