CVE-2020-14391

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
gnomecontrol_center
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-settings-daemon
bookworm
43.0-4
fixed
bullseye
3.38.2-1
fixed
sid
47.1-2
fixed
trixie
47.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-settings-daemon
bionic
not-affected
focal
not-affected
trusty
dne
xenial
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
LibRaw
RHEL 8
0:0.19.5-2.el8
fixed
LibRaw-devel
RHEL 8
0:0.19.5-2.el8
fixed
gnome-settings-daemon
RHEL 8
0:3.32.0-11.el8
fixed
webkit2gtk3
RHEL 8
0:2.28.4-1.el8
fixed
webkit2gtk3-devel
RHEL 8
0:2.28.4-1.el8
fixed
webkit2gtk3-jsc
RHEL 8
0:2.28.4-1.el8
fixed
webkit2gtk3-jsc-devel
RHEL 8
0:2.28.4-1.el8
fixed
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1873093
https://bugzilla.redhat.com/show_bug.cgi?id=1873093