Published: 29/05/2019 Updated: 07/11/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.7 | Impact Score: 3.6 | Exploitability Score: 2.1

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

An issue exists in GNOME gvfs 1.29.4 up to and including 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome gvfs
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
opensuse leap 15.0
canonical ubuntu linux 18.10
canonical ubuntu linux 19.04
fedoraproject fedora 29
fedoraproject fedora 30
opensuse leap 15.1

Debian Bug report logs - #929755 gvfs: CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 Package: src:gvfs; Maintainer for src:gvfs is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 30 May 2019 14:03:02 UTC Severity: important Tags ...

Several security issues were fixed in GVfs ...

Synopsis Moderate: GNOME security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for GNOME is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...

Synopsis Important: Container-native Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 240 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Securi ...

Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

Severity Unknown Remote Unknown Type Unknown Description AVG-1007 gvfs 1401-1 1402-1 Unknown Fixed ...

oss-sec mailing list archives   By Date By Thread </form>    Privileged File Access from Desktop Applications   From: Malte Kraus < ...

CWE-755 http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html https://usn.ubuntu.com/4053-1/http://www.openwall.com/lists/oss-security/2019/07/09/3 https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929755 https://usn.ubuntu.com/4053-1/https://nvd.nist.gov

CVE-2019-12449

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect