Main Vulnerability Database Vulnerabilities #VU94782

Security features bypass in gnome-shell - CVE-2024-36472

Published: July 26, 2024

Vulnerability identifier: #VU94782

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-36472

CWE-ID: CWE-254

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Gnome Development Team

Affected software:
gnome-shell

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to missing access restrictions in portal helper, which can be launched automatically without user confirmation based on network responses provided by an adversary in the local network (e.g. WI-Fi). A remote attacker can consume system resources or perform other actions depending on the JavaScript code's behavior.

How to mitigate CVE-2024-36472

Install updates from vendor's website.

Sources

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688

Security features bypass in gnome-shell - CVE-2024-36472

Detailed vulnerability description

How to mitigate CVE-2024-36472

Sources

Please verify you're human