CVE-2024-36472

Published: 28 May 2024
Source: debian
EPSS Low

Description

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

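Packages

| Package | Status | Fix version | Release | Type |
| --- | --- | --- | --- | --- |
| gnome-shell | fixed | 47.0-3 | | package |
| gnome-shell | no-dsa | | bookworm | package |
| gnome-shell | no-dsa | | bullseye | package |
| gnome-shell | postponed | | buster | package |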

Notes

  • https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688

  • https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/3307

  • https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/3408

  • https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/5aa89fa9e62d20c99afd2eff13901faef96244ad (47.alpha)

  • https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/57de9ee874bff07b71dc323e54d5d721c4ded7fe (47.beta)

  • https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/4ab1ccf3f21b754ce4be77becf5df46084a893d8 (47.beta)

  • https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/14037478633c15a38a63d46af5f7d28bc00fd376 (47.beta)

  • As hardening related to CVE-2024-36472, version gnome-shell/47~rc-3 disabled the portal helper popup window and uses the notification/browser method.

EPSS

Percentile: 6%
0.00029
Low

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 1 year ago

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

CVSS3: 7.5
redhat
about 1 year ago

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

CVSS3: 6.5
nvd
about 1 year ago

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

suse-cvrf
11 months ago

Security update for gnome-shell

suse-cvrf
11 months ago

Security update for gnome-shell
