
    4 vulnerabilities found for control_center by gnome

    CVE-2023-5616 (GCVE-0-2023-5616)

    Vulnerability from nvd – Published: 2025-04-15 18:29 – Updated: 2025-04-15 20:51
    VLAI
    Summary
    In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could leave the local machine exposed to remote SSH access without the user's knowledge, contrary to the user's expectation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Canonical Ltd. Ubuntu's gnome-control-center Affected: 1:45 , < 1:45.0-1ubuntu3.1 (deb)
    Affected: 1:44 , < 1:44.0-1ubuntu6.1 (deb)
    Affected: 1:41 , < 1:41.7-0ubuntu0.22.04.8 (deb)
    Affected: 1:3 , < 1:3.36.5-0ubuntu4.1 (deb)
    Credits
    Zygmunt Krynicki

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T20:51:27.350779Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-290",
                    "description": "CWE-290 Authentication Bypass by Spoofing",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T20:51:31.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "Ubuntu\u0027s gnome-control-center",
              "platforms": [
                "Linux"
              ],
              "product": "Ubuntu\u0027s gnome-control-center",
              "repo": "https://git.launchpad.net/ubuntu/+source/gnome-remote-desktop",
              "vendor": "Canonical Ltd.",
              "versions": [
                {
                  "lessThan": "1:45.0-1ubuntu3.1",
                  "status": "affected",
                  "version": "1:45",
                  "versionType": "deb"
                },
                {
                  "lessThan": "1:44.0-1ubuntu6.1",
                  "status": "affected",
                  "version": "1:44",
                  "versionType": "deb"
                },
                {
                  "lessThan": "1:41.7-0ubuntu0.22.04.8",
                  "status": "affected",
                  "version": "1:41",
                  "versionType": "deb"
                },
                {
                  "lessThan": "1:3.36.5-0ubuntu4.1",
                  "status": "affected",
                  "version": "1:3",
                  "versionType": "deb"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Zygmunt Krynicki"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-15T18:29:54.565Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://ubuntu.com/security/notices/USN-6554-1"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://ubuntu.com/security/CVE-2023-5616"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2023-5616",
        "datePublished": "2025-04-15T18:29:54.565Z",
        "dateReserved": "2023-10-17T15:39:21.769Z",
        "dateUpdated": "2025-04-15T20:51:31.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14391 (GCVE-0-2020-14391)

    Vulnerability from nvd – Published: 2021-02-08 22:12 – Updated: 2024-08-04 12:46
    VLAI
    Summary
    A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a gnome-settings-daemon Affected: Red Hat Enterprise Linux 8 versions prior to 8.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:46:34.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873093"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gnome-settings-daemon",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Red Hat Enterprise Linux 8 versions prior to 8.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-08T22:12:36.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873093"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-14391",
        "datePublished": "2021-02-08T22:12:36.000Z",
        "dateReserved": "2020-06-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:46:34.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5616 (GCVE-0-2023-5616)

    Vulnerability from cvelistv5 – Published: 2025-04-15 18:29 – Updated: 2025-04-15 20:51
    VLAI
    Summary
    In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could leave the local machine exposed to remote SSH access without the user's knowledge, contrary to the user's expectation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Canonical Ltd. Ubuntu's gnome-control-center Affected: 1:45 , < 1:45.0-1ubuntu3.1 (deb)
    Affected: 1:44 , < 1:44.0-1ubuntu6.1 (deb)
    Affected: 1:41 , < 1:41.7-0ubuntu0.22.04.8 (deb)
    Affected: 1:3 , < 1:3.36.5-0ubuntu4.1 (deb)
    Credits
    Zygmunt Krynicki

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-15T20:51:27.350779Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-290",
                    "description": "CWE-290 Authentication Bypass by Spoofing",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T20:51:31.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "Ubuntu\u0027s gnome-control-center",
              "platforms": [
                "Linux"
              ],
              "product": "Ubuntu\u0027s gnome-control-center",
              "repo": "https://git.launchpad.net/ubuntu/+source/gnome-remote-desktop",
              "vendor": "Canonical Ltd.",
              "versions": [
                {
                  "lessThan": "1:45.0-1ubuntu3.1",
                  "status": "affected",
                  "version": "1:45",
                  "versionType": "deb"
                },
                {
                  "lessThan": "1:44.0-1ubuntu6.1",
                  "status": "affected",
                  "version": "1:44",
                  "versionType": "deb"
                },
                {
                  "lessThan": "1:41.7-0ubuntu0.22.04.8",
                  "status": "affected",
                  "version": "1:41",
                  "versionType": "deb"
                },
                {
                  "lessThan": "1:3.36.5-0ubuntu4.1",
                  "status": "affected",
                  "version": "1:3",
                  "versionType": "deb"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Zygmunt Krynicki"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-15T18:29:54.565Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://ubuntu.com/security/notices/USN-6554-1"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://ubuntu.com/security/CVE-2023-5616"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2023-5616",
        "datePublished": "2025-04-15T18:29:54.565Z",
        "dateReserved": "2023-10-17T15:39:21.769Z",
        "dateUpdated": "2025-04-15T20:51:31.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14391 (GCVE-0-2020-14391)

    Vulnerability from cvelistv5 – Published: 2021-02-08 22:12 – Updated: 2024-08-04 12:46
    VLAI
    Summary
    A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a gnome-settings-daemon Affected: Red Hat Enterprise Linux 8 versions prior to 8.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:46:34.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873093"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "gnome-settings-daemon",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Red Hat Enterprise Linux 8 versions prior to 8.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-08T22:12:36.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873093"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-14391",
        "datePublished": "2021-02-08T22:12:36.000Z",
        "dateReserved": "2020-06-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:46:34.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }