CVE-2019-3825

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.3 MEDIUM | PHYSICAL | HIGH | NONE | CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| redhat | CNA | 6.3 MEDIUM | PHYSICAL | HIGH | NONE | CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE | ADP | --- | | | | --- |

EPSS Score percentile: 23%

| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_display_manager | 𝑥 < 3.31.4 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| redhat | enterprise_linux | 7.0 |

𝑥 = Vulnerable software versions
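
Debian Releases

| Product | Codename | Version | Status |
|---|---|---|---|
| gdm3 | bullseye | 3.38.2.1-1 | fixed |
| gdm3 | stretch | | no-dsa |
| gdm3 | jessie | | ignored |
| gdm3 | bookworm | 43.0-3 | fixed |
| gdm3 | sid | 47.0-3 | fixed |
| gdm3 | trixie | 47.0-3 | fixed |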

Ubuntu Releases

| Product | Codename | Version | Status |
|---|---|---|---|
| gdm3 | noble | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | mantic | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | lunar | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | kinetic | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | jammy | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | impish | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | hirsute | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | groovy | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | focal | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | eoan | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | disco | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | cosmic | Fixed 3.30.1-1ubuntu5.1 | released |
| gdm3 | bionic | Fixed 3.28.3-0ubuntu18.04.4 | released |
| gdm3 | xenial | | needed |
| gdm3 | trusty | | dne |