Описание
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.28.3-0ubuntu18.04.6 |
| devel | released | 3.38.1-2ubuntu1.1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 3.28.3-0ubuntu18.04.6 |
| esm-infra/focal | not-affected | 3.36.3-0ubuntu0.20.04.2 |
| focal | released | 3.36.3-0ubuntu0.20.04.2 |
| groovy | released | 3.38.1-2ubuntu1.1 |
| hirsute | released | 3.38.1-2ubuntu1.1 |
| impish | released | 3.38.1-2ubuntu1.1 |
Показывать по
EPSS
4.6 Medium
CVSS2
7.2 High
CVSS3
Связанные уязвимости
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup ...
EPSS
4.6 Medium
CVSS2
7.2 High
CVSS3