CVE-2019-12450

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

EPSS Score Percentile: 75%

| Vendor | Product | Version |
|---|---|---|
| gnome | glib | 2.15.0 ≤ 𝑥 ≤ 2.61.1 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_tus | 8.6 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 19.04 |
| opensuse | leap | 15.0 |

𝑥 = Vulnerable software versions
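
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| glib2.0 | bullseye | 2.66.8-1+deb11u4 | fixed |
| glib2.0 | bullseye (security) | 2.66.8-1+deb11u3 | fixed |
| glib2.0 | bookworm | 2.74.6-2+deb12u3 | fixed |
| glib2.0 | bookworm (security) | 2.74.6-2+deb12u2 | fixed |
| glib2.0 | sid | 2.82.2-2 | fixed |
| glib2.0 | trixie | 2.82.2-2 | fixed |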

Ubuntu Releases

| Ubuntu Product | Codename | Fixed version | Status |
|---|---|---|---|
| glib2.0 | disco | 2.60.0-1ubuntu0.1 | released |
| glib2.0 | cosmic | 2.58.1-2ubuntu0.1 | released |
| glib2.0 | bionic | 2.56.4-0ubuntu0.18.04.3 | released |
| glib2.0 | xenial | 2.48.2-0ubuntu4.2 | released |
| glib2.0 | trusty | 2.40.2-0ubuntu1.1+esm1 | released |