UBUNTU-CVE-2024-5148

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-5148

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-5148.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-5148

Upstream

CVE-2024-5148

Downstream

USN-6785-1

Related

USN-6785-1

Published

2024-05-22T00:00:00Z

Modified

2026-02-04T03:53:37.148825Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.

References

Affected packages

Ubuntu:24.04:LTS / gnome-remote-desktop

Package

Name: gnome-remote-desktop
Purl: pkg:deb/ubuntu/gnome-remote-desktop@46.2-1~ubuntu24.04.2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

46.2-1~ubuntu24.04.2

Affected versions

45.*

45.0-1

45.1-1

45.1-1build1

Other

46~rc-0ubuntu2

46.*

46.0-2

46.1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gnome-remote-desktop",
            "binary_version": "46.2-1~ubuntu24.04.2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-5148.json"