CVE-2020-14391

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
gnomecontrol_center
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnome-settings-daemon
bullseye
3.38.2-1
fixed
bookworm
43.0-4
fixed
sid
47.1-2
fixed
trixie
47.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-settings-daemon
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1873093
https://bugzilla.redhat.com/show_bug.cgi?id=1873093