File Ownership Vulnerability in GNOME gvfs
CVE-2019-12447

7.3HIGH

Key Information:

Vendor

Gnome
Status
Gvfs
Vendor
CVE Published:
29 May 2019

What is CVE-2019-12447?

A security flaw in GNOME gvfs versions from 1.29.4 to 1.41.2 has been identified, where improper handling of file ownership can lead to unauthorized access. The issue arises due to a failure to use setfsuid in the daemon/gvfsbackendadmin.c file. This can potentially allow attackers to manipulate file access permissions, jeopardizing system security and user data integrity. Users of affected versions should consider upgrading to secure their systems against this vulnerability.

References

http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE
https://usn.ubuntu.com/4053-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.