Description
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
Red Hat Enterprise Linux 6 | glib2 | Out of support scope | ||
Red Hat Enterprise Linux 7 | firefox | Out of support scope | ||
Red Hat Enterprise Linux 7 | glib2 | Out of support scope | ||
Red Hat Enterprise Linux 8 | firefox | Not affected | ||
Red Hat Enterprise Linux 8 | firefox:flatpak/firefox | Will not fix | ||
Red Hat Enterprise Linux 8 | mingw-glib2 | Not affected | ||
Red Hat Enterprise Linux 9 | firefox | Not affected | ||
Red Hat Enterprise Linux 9 | glib2 | Not affected | ||
Red Hat Enterprise Linux 8 | glib2 | Fixed | RHSA-2021:4385 | 09.11.2021 |
Additional information
Status:
Moderate
Defect:
CWE-200->CWE-552
https://bugzilla.redhat.com/show_bug.cgi?id=1938284
glib2: Possible privilege escalation through pkexec and aliases
EPSS: 0.00056 (percentile: 17%, Low)
CVSS3: 5.5 Medium
Related vulnerabilities
CVSS3: 5.5
ubuntu
about 3 years ago
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
CVSS3: 5.5
nvd
about 3 years ago
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
CVSS3: 5.5
debian
about 3 years ago
A flaw was found in glib before version 2.63.6. Due to random charset ...