CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
ibus_projectibus
𝑥
< 1.5.22
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.10
oraclezfs_storage_appliance_kit
8.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ibus
bullseye
1.5.23-2
fixed
jessie
ignored
bookworm
1.5.27-5
fixed
trixie
1.5.30-1
fixed
sid
1.5.31~rc1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ibus
eoan
Fixed 1.5.21-1~exp2ubuntu2.1
released
disco
ignored
bionic
Fixed 1.5.17-3ubuntu5.3
released
xenial
Fixed 1.5.11-1ubuntu2.4
released
trusty
dne
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1717958
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14822
https://usn.ubuntu.com/4134-3/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://bugzilla.redhat.com/show_bug.cgi?id=1717958
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14822
https://usn.ubuntu.com/4134-3/
https://www.oracle.com/security-alerts/cpuapr2022.html