Описание
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
Ссылки
- Third Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- ExploitMailing ListPatchThird Party Advisory
- Third Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- ExploitMailing ListPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.62.5 (исключая)Версия от 2.63.0 (включая) до 2.63.6 (исключая)
Одно из
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
EPSS
Процентиль: 17%
0.00056
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-200
CWE-552
Связанные уязвимости
CVSS3: 5.5
ubuntu
около 3 лет назад
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
CVSS3: 5.5
redhat
больше 4 лет назад
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
CVSS3: 5.5
debian
около 3 лет назад
A flaw was found in glib before version 2.63.6. Due to random charset ...
EPSS
Процентиль: 17%
0.00056
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-200
CWE-552