Main Vulnerability Database Vulnerabilities #VU84370

Insufficient UI Warning of Dangerous Operations in gnome-control-center (Ubuntu package) - CVE-2023-5616

Published: December 13, 2023

Vulnerability identifier: #VU84370

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-5616

CWE-ID: CWE-357

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
gnome-control-center (Ubuntu package)

Software vendor:
Canonical Ltd.

Description

The vulnerability allows a remote attacker to bypass expected security restrictions.

The vulnerability exists due to an error in GNOME Settings that did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

Remediation

Install updates from vendor's website.

External links

https://ubuntu.com/security/notices/USN-6554-1

Insufficient UI Warning of Dangerous Operations in gnome-control-center (Ubuntu package) - CVE-2023-5616

Description

Remediation

External links

Please verify you're human