Main Vulnerability Database Vulnerabilities #VU84370

Insufficient UI Warning of Dangerous Operations in gnome-control-center (Ubuntu package) - CVE-2023-5616

Published: December 13, 2023

Vulnerability identifier: #VU84370

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-5616

CWE-ID: CWE-357

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Canonical Ltd.

Affected software:
gnome-control-center (Ubuntu package)

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass expected security restrictions.

The vulnerability exists due to an error in GNOME Settings that did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

How to mitigate CVE-2023-5616

Install updates from vendor's website.

Sources

https://ubuntu.com/security/notices/USN-6554-1

Insufficient UI Warning of Dangerous Operations in gnome-control-center (Ubuntu package) - CVE-2023-5616

Detailed vulnerability description

How to mitigate CVE-2023-5616

Sources

Please verify you're human