Main Vulnerability Database Vulnerabilities #VU94782

#VU94782 Security features bypass in gnome-shell - CVE-2024-36472

Published: July 26, 2024

Vulnerability identifier: #VU94782

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-36472

CWE-ID: CWE-254

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
gnome-shell

Software vendor:
Gnome Development Team

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to missing access restrictions in portal helper, which can be launched automatically without user confirmation based on network responses provided by an adversary in the local network (e.g. WI-Fi). A remote attacker can consume system resources or perform other actions depending on the JavaScript code's behavior.

Remediation

Install updates from vendor's website.

External links

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688

#VU94782 Security features bypass in gnome-shell - CVE-2024-36472

Description

Remediation

External links

Please verify you're human