Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2019-12450

Published: 29/05/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Gnome

Vulnerability Summary

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 up to and including 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnome glib

debian debian linux 8.0

redhat enterprise linux 8.0

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux eus 8.4

redhat enterprise linux server aus 8.4

redhat enterprise linux server aus 8.6

redhat enterprise linux server tus 8.6

redhat enterprise linux eus 8.6

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 19.04

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

opensuse leap 15.0

fedoraproject fedora 30

Vendor Advisories

Debian CVElist Bug Report Logs: glib2.0: CVE-2019-12450
Debian Bug report logs - #929753 glib20: CVE-2019-12450 Package: src:glib20; Maintainer for src:glib20 is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 30 May 2019 13:33:02 UTC Severity: grave Tags: security, upstream Fou ...
Debian CVElist Bug Report Logs: glib2.0: CVE-2019-13012: keyfile settings backend: Consider tightening permissions
Debian Bug report logs - #931234 glib20: CVE-2019-13012: keyfile settings backend: Consider tightening permissions Package: src:glib20; Maintainer for src:glib20 is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 28 Jun 2019 ...
Ubuntu Security Notice: glib2.0 vulnerability
GLib could be made to expose sensitive information if it received a specially crafted file ...
Ubuntu Security Notice: glib2.0 vulnerability
GLib could be made to expose sensitive information if it received a specially crafted file ...
Red Hat: Moderate: glib2 and ibus security and bug fix update
Краткий обзор Moderate: glib2 and ibus security and bug fix update Тип/Серьезность Security Advisory: Moderate Тема An update for glib2 and ibus is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderat ...
Red Hat: Moderate: glib2 security, bug fix, and enhancement update
Synopsis Moderate: glib2 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for glib2 is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update
Synopsis Low: OpenShift Container Platform 4340 security and bug fix update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring S ...
Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)
Synopsis Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container(CVE-20 ...
Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)
Synopsis Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...
Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update
Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...
Amazon Linux AMI: ALAS-2019-1256
file_copy_fallback in gio/gfilec in GNOME GLib does not properly restrict file permissions while a copy operation is in progress Instead, default permissions are used(CVE-2019-12450) ...
Amazon Linux 2: ALAS2-2019-1289
file_copy_fallback in gio/gfilec in GNOME GLib 2561 does not properly restrict file permissions while a copy operation is in progress Instead, default permissions are used (CVE-2019-12450) ...
Amazon Linux 2: ALAS2-2020-1553
file_copy_fallback in gio/gfilec in GNOME GLib 2150 through 2611 does not properly restrict file permissions while a copy operation is in progress Instead, default permissions are used (CVE-2019-12450) ...
Red Hat: CVE-2019-12450
Impact: Important Public Date: 2019-05-23 CWE: CWE-552 Bugzilla: 1719141: CVE-2019-12450 glib2: file_co ...

References

CWE-362CWE-276https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174https://security.netapp.com/advisory/ntap-20190606-0003/https://usn.ubuntu.com/4014-1/https://usn.ubuntu.com/4014-2/https://lists.debian.org/debian-lts-announce/2019/06/msg00013.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.htmlhttps://access.redhat.com/errata/RHSA-2019:3530https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929753https://usn.ubuntu.com/4014-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook