Remote Code Execution Vulnerability in GNOME Shell
CVE-2024-36472

6.5MEDIUM

Key Information:

Vendor: GNOME
Vendor: CVE Published:; 28 May 2024

Summary

A vulnerability in GNOME Shell prior to version 45.7 allows a portal helper to be launched automatically without user confirmation in response to manipulated network conditions. This may occur under the influence of an adversary controlling the local Wi-Fi network. Once triggered, it can execute untrusted JavaScript code, leading to potential resource consumption or other impacts depending on the nature of the executed code. Awareness of such vulnerabilities underscores the importance of secure network practices and vigilant monitoring to safeguard user environments.

References

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 28, 2024