Gvfs
CVE-2019-12447
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
AnalysisAI
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. Affected products include: Gnome Gvfs, Canonical Ubuntu Linux, Fedoraproject Fedora, Opensuse Leap. Version information: through 1.41.2..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated high severity (CVSS 8.1), this vulnerability is remot
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a priv
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modif
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated medium severity (CVSS 5.7), this vulnerability is rem
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today