Red Hat Enterprise Linux 8.2 update for gnome-settings-daemon
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-14391 |
| CWE-ID | CWE-312 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux Server - TUS Operating systems & Components / Operating system gnome-settings-daemon (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Cleartext storage of sensitive information
EUVDB-ID: #VU49120
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14391
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in the GNOME Control Center in the way it handles credentials passed from Red Hat Customer Portal. When a user registers a system through the GNOME Settings User Interface, the user's credentials are passed as an argument to gnome-settings-daemon helper, making it readable by an unprivileged local user.
Install updates from vendor's website.
Red Hat Enterprise Linux Server - TUS: 8.2
gnome-settings-daemon (Red Hat package): before 3.32.0-9.el8_2.1
External linkshttp://access.redhat.com/errata/RHSA-2021:0266
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
