CVE-2019-3827

Description

An incorrect permission check was found in the admin backend in gvfs before version 1.39.4. It allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. Malicious programs running with the privileges of a user in the wheel group can exploit this vulnerability to escalate their privileges further by modifying system files without the user's knowledge. Successful exploitation requires an uncommon system configuration.

Risk Information

Base Score: 7.0 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.061

Associated Vulnerability

Vulnerability | OS Platform
Gvfs update (ELSA-2019-1517) gvfs-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs-afc update (ELSA-2019-1517) gvfs-afc-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs-afp update (ELSA-2019-1517) gvfs-afp-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs-archive update (ELSA-2019-1517) gvfs-archive-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs-client update (ELSA-2019-1517) gvfs-client-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs-devel update (ELSA-2019-1517) gvfs-devel-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs-fuse update (ELSA-2019-1517) gvfs-fuse-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs-goa update (ELSA-2019-1517) gvfs-goa-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs-gphoto2 update (ELSA-2019-1517) gvfs-gphoto2-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs-mtp update (ELSA-2019-1517) gvfs-mtp-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs-smb update (ELSA-2019-1517) gvfs-smb-1.36.2-2.el8_0.1.x86_64.rpm | Linux
Gvfs update (ELSA-2019-1517) gvfs-1.36.2-2.el8_0.1.i686.rpm | Linux
Gvfs-client update (ELSA-2019-1517) gvfs-client-1.36.2-2.el8_0.1.i686.rpm | Linux
Gvfs-devel update (ELSA-2019-1517) gvfs-devel-1.36.2-2.el8_0.1.i686.rpm | Linux
(RHSA-2019:2145) Moderate: security and bug fix update gvfs-debuginfo-1.36.2-3.el7.i686.rpm | Linux
(RHSA-2019:2145) Moderate: security and bug fix update gvfs-debuginfo-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs update (ELSA-2019-2145) gvfs-1.36.2-3.el7.i686.rpm | Linux
Gvfs update (ELSA-2019-2145) gvfs-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs-afc update (ELSA-2019-2145) gvfs-afc-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs-afp update (ELSA-2019-2145) gvfs-afp-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs-archive update (ELSA-2019-2145) gvfs-archive-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs-client update (ELSA-2019-2145) gvfs-client-1.36.2-3.el7.i686.rpm | Linux
Gvfs-client update (ELSA-2019-2145) gvfs-client-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs-devel update (ELSA-2019-2145) gvfs-devel-1.36.2-3.el7.i686.rpm | Linux
Gvfs-devel update (ELSA-2019-2145) gvfs-devel-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs-fuse update (ELSA-2019-2145) gvfs-fuse-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs-goa update (ELSA-2019-2145) gvfs-goa-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs-gphoto2 update (ELSA-2019-2145) gvfs-gphoto2-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs-mtp update (ELSA-2019-2145) gvfs-mtp-1.36.2-3.el7.x86_64.rpm | Linux
Gvfs-smb update (ELSA-2019-2145) gvfs-smb-1.36.2-3.el7.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234