Improper Permissions in GNOME GLib Keyfile Settings Backend
CVE-2019-13012

7.5HIGH

Key Information:

Vendor

Gnome
Status
Glib
Vendor
CVE Published:
28 June 2019

What is CVE-2019-13012?

The keyfile settings backend in GNOME GLib prior to version 2.60.0 is vulnerable due to insufficient restriction on directory and file permissions. The implementation creates directories and files with overly permissive settings: directories are assigned 0777 permissions, while files inherit default permissions. This lack of restriction can lead to unauthorized access and potential exploitation, similar to other known vulnerabilities.

References

https://gitlab.gnome.org/GNOME/glib/issues/1658
x_refsource_MISC
https://gitlab.gnome.org/GNOME/glib/merge_requests/450
x_refsource_MISC
https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6b...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.