CVE-2019-3827

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3827
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3827.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3827
Related
Published
2019-03-25T18:29:00Z
Modified
2024-09-18T03:04:53.841667Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

References

Affected packages

Debian:11 / gvfs

Package

Name
gvfs
Purl
pkg:deb/debian/gvfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.38.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gvfs

Package

Name
gvfs
Purl
pkg:deb/debian/gvfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.38.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gvfs

Package

Name
gvfs
Purl
pkg:deb/debian/gvfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.38.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnome/gvfs

Affected ranges

Type
GIT
Repo
https://github.com/gnome/gvfs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.10.0
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.12.0
1.12.1
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
1.13.7
1.13.8
1.13.9
1.14.0
1.15.0
1.15.1
1.15.2
1.15.3
1.15.4
1.16.0
1.17.0
1.17.1
1.17.2
1.17.3
1.17.90
1.18.0
1.18.1
1.18.2
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.19.90
1.20.0
1.21.1
1.21.2
1.21.3
1.21.4
1.21.90
1.21.92
1.22.0
1.23.1
1.23.2
1.23.3
1.23.4
1.23.90
1.23.92
1.24.0
1.25.1
1.25.2
1.25.3
1.25.4
1.25.4.1
1.25.90
1.25.91
1.25.92
1.26.0
1.26.1
1.26.1.1
1.26.2
1.27.3
1.27.4
1.27.90
1.27.91
1.27.92
1.28.0
1.28.1
1.29.1
1.29.2
1.29.3
1.29.4
1.29.90
1.29.91
1.29.92
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.30.0
1.31.1
1.31.2
1.31.3
1.31.4
1.31.90
1.31.91
1.31.92
1.32.0
1.33.1
1.33.3
1.33.90
1.33.91
1.33.92
1.34.0
1.35.1
1.35.2
1.35.3
1.35.4
1.35.90
1.35.91
1.35.92
1.36.0
1.37.1
1.37.2
1.37.4
1.37.90
1.37.91
1.38.0
1.39.1
1.39.3
1.4.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.1
1.7.2
1.7.3
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5

Other

GVFS_0_0_1
GVFS_0_0_2
GVFS_0_1_0
GVFS_0_1_1
GVFS_0_1_10
GVFS_0_1_11
GVFS_0_1_2
GVFS_0_1_3
GVFS_0_1_4
GVFS_0_1_5
GVFS_0_1_6
GVFS_0_1_7
GVFS_0_1_8
GVFS_0_1_9
GVFS_0_2_0
GVFS_0_2_0_1
GVFS_0_2_1
GVFS_0_2_2
GVFS_0_2_4
GVFS_0_99_1
GVFS_0_99_2
GVFS_0_99_3
GVFS_0_99_4
GVFS_0_99_5
GVFS_0_99_6
GVFS_0_99_7
GVFS_1_1_1
GVFS_1_1_2
GVFS_1_1_3
GVFS_1_1_4
GVFS_1_1_5
GVFS_1_1_6
GVFS_1_1_7
GVFS_1_1_8
GVFS_1_2_1
GVFS_1_2_2