CVE-2019-3825

EUVD-2019-13448
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.3 MEDIUM | PHYSICAL | HIGH | NONE | CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| redhat | CNA | 6.3 MEDIUM | PHYSICAL | HIGH | NONE | CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |

EPSS Score percentile: 22%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| gnome | gnome_display_manager | 𝑥 < 3.31.4 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| redhat | enterprise_linux | 7.0 |

𝑥 = Vulnerable software versions

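Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| gdm3 | bookworm | 43.0-3 | fixed |
| gdm3 | bullseye | 3.38.2.1-1 | fixed |
| gdm3 | jessie | | ignored |
| gdm3 | sid | 47.0-3 | fixed |
| gdm3 | stretch | | no-dsa |
| gdm3 | trixie | 47.0-3 | fixed |
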
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| gdm3 | bionic | Fixed 3.28.3-0ubuntu18.04.4 | released |
| gdm3 | cosmic | Fixed 3.30.1-1ubuntu5.1 | released |
| gdm3 | disco | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | eoan | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | focal | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | groovy | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | hirsute | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | impish | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | jammy | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | kinetic | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | lunar | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | mantic | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | noble | Fixed 3.31.4+git20190225-1ubuntu1 | released |
| gdm3 | trusty | | dne |
| gdm3 | xenial | | needed |