SSH Remote Login Exposure in Ubuntu Gnome Control Center
CVE-2023-5616

4.9 MEDIUM

What is CVE-2023-5616?

In Ubuntu's gnome-control-center, a flaw was found where it failed to accurately reflect the SSH remote login status when the system utilized systemd socket activation for the openssh-server. This discrepancy could inadvertently leave the local machine susceptible to unauthorized remote SSH access, contrary to user expectations. Users relying on the gnome-control-center for managing remote logins may find their systems exposed if proper configurations are not verified.
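
A check an administrator can run to confirm what the settings panel shows, added here as an example and not taken from the advisory or from Ubuntu's code. It assumes the unit names ssh.service and ssh.socket used by Ubuntu's openssh-server package; the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify SSH reachability from systemd unit states.
# Assumption: units are named ssh.service and ssh.socket (Ubuntu openssh-server).

# ssh_exposure SVC_ACTIVE SVC_ENABLED SOCK_ACTIVE SOCK_ENABLED
# Prints: socket-activated | service | boot-only | closed
ssh_exposure() {
  # A listening socket unit accepts connections while the service is
  # inactive; systemd starts sshd on the first incoming connection.
  if [ "$3" = "active" ]; then
    echo "socket-activated"
  elif [ "$1" = "active" ]; then
    echo "service"
  elif [ "$2" = "enabled" ] || [ "$4" = "enabled" ]; then
    echo "boot-only"   # not listening now, but will be after a reboot
  else
    echo "closed"
  fi
}

# unit_state VERB UNIT: systemctl output, or "unknown" when it gives none.
unit_state() {
  _out=$(systemctl "$1" "$2" 2>/dev/null) || true
  echo "${_out:-unknown}"
}

# Query this host; prints "unknown" where systemd is not available.
check_local_ssh() {
  if ! command -v systemctl >/dev/null 2>&1; then
    echo "unknown"
    return 0
  fi
  ssh_exposure \
    "$(unit_state is-active ssh.service)" \
    "$(unit_state is-enabled ssh.service)" \
    "$(unit_state is-active ssh.socket)" \
    "$(unit_state is-enabled ssh.socket)"
}

check_local_ssh
```

A result other than `closed` while the settings panel shows remote login as off is the discrepancy described above.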

Affected Version(s)

Ubuntu's gnome-control-center Linux 1:45 < 1:45.0-1ubuntu3.1

Ubuntu's gnome-control-center Linux 1:44 < 1:44.0-1ubuntu6.1

Ubuntu's gnome-control-center Linux 1:41 < 1:41.7-0ubuntu0.22.04.8

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zygmunt Krynicki