CVE-2019-14822

EUVD-2019-5950
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
ibus_projectibus
𝑥
< 1.5.22
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.10
oraclezfs_storage_appliance_kit
8.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ibus
bookworm
1.5.27-5
fixed
bullseye
1.5.23-2
fixed
jessie
ignored
sid
1.5.31~rc1-1
fixed
trixie
1.5.30-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ibus
bionic
Fixed 1.5.17-3ubuntu5.3
released
disco
ignored
eoan
Fixed 1.5.21-1~exp2ubuntu2.1
released
trusty
dne
xenial
Fixed 1.5.11-1ubuntu2.4
released
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1717958
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14822
https://usn.ubuntu.com/4134-3/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://bugzilla.redhat.com/show_bug.cgi?id=1717958
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14822
https://usn.ubuntu.com/4134-3/
https://www.oracle.com/security-alerts/cpuapr2022.html