CVE-2017-12164

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-12164

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12164.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-12164

Downstream

DEBIAN-CVE-2017-12164

openSUSE-SU-2024:10780-1

Related

Published

2018-07-26T16:29:00.327Z

Modified

2026-03-14T14:25:47.179781Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

References

Affected packages

Git / gitlab.gnome.org/GNOME/gdm

Affected ranges

Type

GIT

Repo

https://gitlab.gnome.org/GNOME/gdm

Events

Introduced

Last affected

fc04ebbe19f0944f7732e78fa55ccc59ea64e853

Fixed

ff98b28

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.24.1"
        }
    ]
}

Affected versions

2.*

2.27.4

2.5.4.2

3.*

3.0.0

3.1.2

3.1.90

3.1.91

3.1.92

3.10.0

3.10.0.1

3.11.2

3.11.3

3.11.4

3.11.90

3.11.92

3.11.92.1

3.12.0

3.12.1

3.12.2

3.13.91

3.13.92

3.14.0

3.14.1

3.15.2

3.15.3

3.15.3.1

3.15.90

3.15.90.1

3.15.90.2

3.15.90.3

3.15.90.4

3.15.90.5

3.15.91

3.15.91.1

3.15.91.2

3.15.92

3.16.0

3.16.0.1

3.16.1

3.16.1.1

3.17.2

3.17.3

3.17.3.1

3.17.4

3.17.90

3.17.92

3.18.0

3.19.2

3.19.4

3.19.4.1

3.19.90

3.19.91

3.19.92

3.20.0

3.20.1

3.21.2

3.21.3

3.21.4

3.21.90

3.21.91

3.22.0

3.22.1

3.23.4

3.23.91

3.23.91.1

3.23.92

3.24.0

3.3.92

3.3.92.1

3.4.0

3.4.0.1

3.4.1

3.5.2

3.5.4

3.5.4.1

3.5.4.2

3.5.5

3.5.90

3.5.91

3.5.92

3.5.92.1

3.6.0

3.7.2

3.7.3

3.7.3.1

3.7.5

3.7.90

3.7.91

3.8.0

3.8.1

3.8.1.1

3.8.3

3.9.5

3.9.90

3.9.92

Other

GDM2_2_13_0_0

GDM2_2_13_0_1

GDM2_2_13_0_10

GDM2_2_13_0_2

GDM2_2_13_0_3

GDM2_2_13_0_4

GDM2_2_13_0_5

GDM2_2_13_0_6

GDM2_2_13_0_7

GDM2_2_13_0_8

GDM2_2_13_0_9

GDM2_2_14_0

GDM2_2_14_1

GDM2_2_14_2

GDM2_2_14_3

GDM2_2_14_4

GDM2_2_15_0

GDM2_2_15_1

GDM2_2_15_10

GDM2_2_15_2

GDM2_2_15_3

GDM2_2_15_4

GDM2_2_15_5

GDM2_2_15_6

GDM2_2_15_7

GDM2_2_15_8

GDM2_2_15_9

GDM2_2_16_0

GDM2_2_17_0

GDM2_2_17_1

GDM2_2_17_2

GDM2_2_17_3

GDM2_2_17_4

GDM2_2_17_5

GDM2_2_17_6

GDM2_2_17_7

GDM2_2_17_8

GDM2_2_18_0

GDM2_2_2_1

GDM2_2_2_2_1

GDM2_2_4_0_11

GDM2_2_4_0_2

GDM2_2_4_0_3

GDM2_2_4_0_4

GDM2_2_4_0_5

GDM2_2_4_0_6

GDM2_2_4_0_7

GDM2_2_4_0_8

GDM2_2_4_0_9

GDM2_2_4_1_0

GDM2_2_4_1_1

GDM2_2_4_1_2

GDM2_2_4_1_3

GDM2_2_4_2_100

GDM2_2_4_2_101

GDM2_2_4_2_102

GDM2_2_4_2_95

GDM2_2_4_2_96

GDM2_2_4_2_97

GDM2_2_4_2_98

GDM2_2_4_2_99

GDM2_2_4_4_0

GDM2_2_4_4_1

GDM2_2_4_4_2

GDM2_2_4_4_3

GDM2_2_4_4_5

GDM2_2_5_90_0

GDM2_2_5_90_1

GDM2_2_5_90_2

GDM2_2_6_0_0

GDM2_2_6_0_1

GDM2_2_6_0_2

GDM2_2_6_0_3

GDM2_2_6_0_4

GDM2_2_6_0_5

GDM2_2_6_0_6

GDM2_2_6_0_7

GDM2_2_6_0_8

GDM2_2_8_0_0

GDM2_2_8_0_1

GDM2_4_4_4

GDM_2_0

GDM_2_21_1

GDM_2_21_2

GDM_2_21_4

GDM_2_21_5

GDM_2_21_6

GDM_2_21_7

GDM_2_21_8

GDM_2_21_9

GDM_2_22_0

GDM_2_23_2

GDM_2_23_90

GDM_2_23_92

GDM_2_24_0

GDM_2_25_1

GDM_2_25_2

GDM_2_25_92

GDM_2_26_0

GDM_2_26_1

GDM_2_27_90

GDM_2_28_0

GDM_2_28_1

GDM_2_28_92

GDM_2_29_0

GDM_2_29_1

GDM_2_29_4

GDM_2_29_5

GDM_2_29_6

GDM_2_29_92

GDM_2_2_3

GDM_2_2_3_2

GDM_2_2_4_2

GDM_2_2_4_3

GDM_2_2_5_1

GDM_2_2_ANCHOR

GDM_2_30_0

GDM_2_30_1

GDM_2_31_0

GDM_2_31_1

GDM_2_31_2

GDM_2_31_90

GDM_2_31_92

GDM_2_32_0

GDM_2_3_90_1

GDM_2_3_90_2

GDM_2_3_90_3

GDM_2_3_90_4

GDM_2_3_90_5

GDM_2_3_90_6

GDM_2_4_0_0

GDM_2_4_0_1

GDM_2_91_4

GDM_2_91_6

GDM_2_91_90

GDM_2_91_92

GDM_2_91_93

GDM_2_91_94

GNOME_PRINT_0_24

POST_SWITCH_TO_GOBJECT_BRANCH

STABLE

gdm2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12164.json"