Unrated severity · OSV Advisory · Published Mar 25, 2019 · Updated Aug 4, 2024
CVE-2019-3827
Description
An incorrect permission check was found in the admin backend in gvfs before version 1.39.4. It allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. Malicious programs running with the privileges of users belonging to the wheel group can exploit this vulnerability to further escalate their privileges by modifying system files without the user's knowledge. Successful exploitation requires an uncommon system configuration.
Affected products
- Range: 1.10.0, 1.11.3, 1.11.4, …
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2019:1517 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2019:2145 (mitre, vendor-advisory, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- gitlab.gnome.org/GNOME/gvfs/merge_requests/31 (mitre, x_refsource_CONFIRM)