{ "threat_severity" : "Low", "public_date" : "2019-06-05T00:00:00Z", "bugzilla" : { "description" : "gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd", "id" : "1726505", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1726505" }, "cvss3" : { "cvss3_base_score" : "4.5", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-285", "details" : [ "daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)" ], "statement" : "This issue affects the versions of gvfs as shipped with Red Hat Enterprise Linux 6, 7, and 8.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "accountsservice-0:0.6.50-7.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "appstream-data-0:8-20190805.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "baobab-0:3.28.0-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "chrome-gnome-shell-0:10.1-6.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "evince-0:3.28.4-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "file-roller-0:3.28.1-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gdk-pixbuf2-0:2.36.12-5.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gdm-1:3.28.3-22.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gjs-0:1.56.2-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-control-center-0:3.28.2-5.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-desktop3-0:3.32.2-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-remote-desktop-0:0.1.6-5.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-settings-daemon-0:3.32.0-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-shell-0:3.32.2-9.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-shell-extensions-0:3.32.1-10.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-software-0:3.30.6-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gnome-tweaks-0:3.28.1-6.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gsettings-desktop-schemas-0:3.32.0-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gtk3-0:3.22.30-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "gvfs-0:1.36.2-6.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "mozjs60-0:60.9.0-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "mutter-0:3.32.2-10.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "nautilus-0:3.28.1-10.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "pango-0:1.42.4-6.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "pidgin-0:2.13.0-5.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "plymouth-0:0.9.3-15.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "SDL-0:1.2.15-35.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "wayland-protocols-0:1.17-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "webkit2gtk3-0:2.24.3-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "accountsservice-0:0.6.50-7.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "appstream-data-0:8-20190805.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "baobab-0:3.28.0-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "chrome-gnome-shell-0:10.1-6.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "evince-0:3.28.4-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "file-roller-0:3.28.1-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gdk-pixbuf2-0:2.36.12-5.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gdm-1:3.28.3-22.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gjs-0:1.56.2-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-control-center-0:3.28.2-5.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-desktop3-0:3.32.2-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-remote-desktop-0:0.1.6-5.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-settings-daemon-0:3.32.0-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-shell-0:3.32.2-9.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-shell-extensions-0:3.32.1-10.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-software-0:3.30.6-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gnome-tweaks-0:3.28.1-6.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gsettings-desktop-schemas-0:3.32.0-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gtk3-0:3.22.30-4.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "gvfs-0:1.36.2-6.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "mozjs60-0:60.9.0-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "mutter-0:3.32.2-10.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "nautilus-0:3.28.1-10.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "pango-0:1.42.4-6.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "pidgin-0:2.13.0-5.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "plymouth-0:0.9.3-15.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "SDL-0:1.2.15-35.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "wayland-protocols-0:1.17-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-11-05T00:00:00Z", "advisory" : "RHSA-2019:3553", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "webkit2gtk3-0:2.24.3-1.el8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "gvfs", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "gvfs", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-12795\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12795" ], "name" : "CVE-2019-12795", "csaw" : false }