Permissions, Privileges, and Access Controls in Gnome GLib - CVE-2019-12450

 


Published: June 3, 2019


Vulnerability identifier: #VU18658
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-12450
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Gnome Development Team
Affected software:
Gnome GLib

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the application applies default directory permissions to files while copying them in the file_copy_fallback() function in gio/gfile.c. Because the correct access permissions are applied only after the file has been copied, a local user can interfere with the copy operation and gain access to otherwise restricted files.

This behavior allows a local user to access potentially sensitive data or modify file contents if the directory permissions applied to the file during the copy allow such operations.
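
The copy pattern described above, as an added C example (not GLib's code): copy_file() and mode_during_copy() are hypothetical names, the 0600 source file and the umask of 022 are constructed, and creating the destination with mode 0600 is assumed here as one way to close the window. The helper reports the permission bits the destination carries while the data is already written but the source's mode has not yet been applied.

```c
#define _POSIX_C_SOURCE 200809L   /* mkdtemp(), fchmod() under strict -std= */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy src to dst; *during = dst's mode bits after the data is written, before fchmod(). */
int copy_file(const char *src, const char *dst, mode_t create_mode, mode_t *during)
{
    struct stat sst, dstat;
    char buf[4096]; ssize_t n;
    int rc = -1, out = -1, in = open(src, O_RDONLY);
    if (in < 0 || fstat(in, &sst) < 0) goto done;
    if ((out = open(dst, O_WRONLY | O_CREAT | O_EXCL, create_mode)) < 0) goto done;
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) goto done;
    if (n < 0 || fstat(out, &dstat) < 0) goto done;
    *during = dstat.st_mode & 0777;   /* what other local users see mid-copy */
    if (fchmod(out, sst.st_mode & 0777) < 0 || fstat(out, &dstat) < 0) goto done;
    rc = (int)(dstat.st_mode & 0777); /* final bits, now matching the source */
done:
    if (in >= 0) close(in);
    if (out >= 0) close(out);
    return rc;
}

/* Constructed scenario: copy a 0600 file; return the mid-copy mode, or -1 on failure. */
int mode_during_copy(mode_t create_mode)
{
    char dir[] = "/tmp/copydemoXXXXXX", src[64], dst[64];
    mode_t during = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(src, sizeof src, "%s/src", dir);
    snprintf(dst, sizeof dst, "%s/dst", dir);
    umask(022);                       /* fixed umask so the demo is deterministic */
    int rc = -1, fd = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "constructed secret\n", 19) == 19)
        rc = copy_file(src, dst, create_mode, &during);
    if (fd >= 0) close(fd);
    unlink(src); unlink(dst); rmdir(dir);
    return rc == 0600 ? (int)during : -1;
}

int main(void)
{
    printf("create 0666 -> mid-copy mode %04o\n", (unsigned)mode_during_copy(0666));
    printf("create 0600 -> mid-copy mode %04o\n", (unsigned)mode_during_copy(0600));
    return 0;
}
```

Both runs end with the destination at 0600; only the default-mode run leaves it group- and world-readable while the copy is in progress.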


How to mitigate CVE-2019-12450

Install updates from the vendor's website.
