Untriaged
CVE-2024-5148
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
gnome-remote-desktop: inadequate validation of session agents using D-Bus methods may expose RDP TLS certificate
A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.
References
- https://access.redhat.com/security/cve/CVE-2024-5148 x_refsource_REDHAT vdb-entry
- RHBZ#2282003 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196
Affected products
gnome-remote-desktop
- <46.2
Matching in nixpkgs
pkgs.gnome-remote-desktop
GNOME Remote Desktop server
- nixos-unstable -
- nixpkgs-unstable 48.1
Package maintainers
- @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
- @jtojnar Jan Tojnar <jtojnar@gmail.com>
- @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
- @bobby285271 Bobby Rong <rjl931189261@126.com>