CVE-2019-3827

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3827

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3827.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3827

Related

Published

2019-03-25T18:29:00Z

Modified

2024-09-11T04:30:28.849715Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

References

Affected packages

Debian:11 / gvfs

Package

Name: gvfs
Purl: pkg:deb/debian/gvfs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.38.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gvfs

Package

Name: gvfs
Purl: pkg:deb/debian/gvfs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.38.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gvfs

Package

Name: gvfs
Purl: pkg:deb/debian/gvfs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.38.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnome/gvfs

Affected ranges

Type: GIT
Repo: https://github.com/gnome/gvfs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8f840a1b51d1a6aa185652af57fd6052da1c661a

Affected versions

1.*

1.10.0

1.11.0

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5

1.12.0

1.12.1

1.13.0

1.13.1

1.13.2

1.13.3

1.13.4

1.13.5

1.13.6

1.13.7

1.13.8

1.13.9

1.14.0

1.15.0

1.15.1

1.15.2

1.15.3

1.15.4

1.16.0

1.17.0

1.17.1

1.17.2

1.17.3

1.17.90

1.18.0

1.18.1

1.18.2

1.19.1

1.19.2

1.19.3

1.19.4

1.19.5

1.19.90

1.20.0

1.21.1

1.21.2

1.21.3

1.21.4

1.21.90

1.21.92

1.22.0

1.23.1

1.23.2

1.23.3

1.23.4

1.23.90

1.23.92

1.24.0

1.25.1

1.25.2

1.25.3

1.25.4

1.25.4.1

1.25.90

1.25.91

1.25.92

1.26.0

1.26.1

1.26.1.1

1.26.2

1.27.3

1.27.4

1.27.90

1.27.91

1.27.92

1.28.0

1.28.1

1.29.1

1.29.2

1.29.3

1.29.4

1.29.90

1.29.91

1.29.92

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.30.0

1.31.1

1.31.2

1.31.3

1.31.4

1.31.90

1.31.91

1.31.92

1.32.0

1.33.1

1.33.3

1.33.90

1.33.91

1.33.92

1.34.0

1.35.1

1.35.2

1.35.3

1.35.4

1.35.90

1.35.91

1.35.92

1.36.0

1.37.1

1.37.2

1.37.4

1.37.90

1.37.91

1.38.0

1.39.1

1.39.3

1.4.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.7.0

1.7.1

1.7.2

1.7.3

1.9.0

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

Other

GVFS_0_0_1

GVFS_0_0_2

GVFS_0_1_0

GVFS_0_1_1

GVFS_0_1_10

GVFS_0_1_11

GVFS_0_1_2

GVFS_0_1_3

GVFS_0_1_4

GVFS_0_1_5

GVFS_0_1_6

GVFS_0_1_7

GVFS_0_1_8

GVFS_0_1_9

GVFS_0_2_0

GVFS_0_2_0_1

GVFS_0_2_1

GVFS_0_2_2

GVFS_0_2_4

GVFS_0_99_1

GVFS_0_99_2

GVFS_0_99_3

GVFS_0_99_4

GVFS_0_99_5

GVFS_0_99_6

GVFS_0_99_7

GVFS_1_1_1

GVFS_1_1_2

GVFS_1_1_3

GVFS_1_1_4

GVFS_1_1_5

GVFS_1_1_6

GVFS_1_1_7

GVFS_1_1_8

GVFS_1_2_1

GVFS_1_2_2