ID CVE-2019-3827
Summary An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:gvfs:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.11.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.11.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.11.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.13.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.13.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.13.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.13.6:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.13.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.13.7:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.13.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.13.8:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.13.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.13.9:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.13.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.16.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.17.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.17.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.18.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.18.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.18.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.19.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.19.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.19.5:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.19.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.19.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.19.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.20.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.20.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.20.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.20.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.21.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.21.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.21.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.21.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.21.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.21.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.22.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.22.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.22.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.22.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.22.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.22.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.23.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.23.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.23.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.23.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.23.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.23.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.23.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.23.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.23.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.24.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.24.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.24.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.24.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.25.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.25.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.25.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.25.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.25.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.25.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.25.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.25.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.25.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.25.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.25.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.25.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.25.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.25.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.25.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.26.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.26.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.26.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.26.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.26.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.26.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.26.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.26.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.27.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.27.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.27.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.27.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.27.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.27.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.27.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.27.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.27.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.27.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.28.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.28.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.28.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.28.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.28.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.28.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.29.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.29.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.29.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.29.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.29.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.29.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.29.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.32.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.32.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.32.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.32.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.32.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.33.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.33.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.33.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.33.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.33.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.33.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.33.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.33.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.33.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.33.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.34.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.34.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.34.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.34.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.34.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.34.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.34.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.36.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.36.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.36.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.36.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.36.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.36.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.38.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.38.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.38.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.38.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.38.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.38.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.38.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.39.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.39.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.39.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.39.3:*:*:*:*:*:*:*
CVSS
Base: 3.3 (as of 19-10-2020 - 18:06)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1665578
    title CVE-2019-3827 gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment gvfs is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517001
          • comment gvfs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140292
        • AND
          • comment gvfs-afc is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517003
          • comment gvfs-afc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140294
        • AND
          • comment gvfs-afp is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517005
          • comment gvfs-afp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140296
        • AND
          • comment gvfs-archive is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517007
          • comment gvfs-archive is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140298
        • AND
          • comment gvfs-client is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517009
          • comment gvfs-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140300
        • AND
          • comment gvfs-debugsource is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517011
          • comment gvfs-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191517012
        • AND
          • comment gvfs-devel is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517013
          • comment gvfs-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140302
        • AND
          • comment gvfs-fuse is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517015
          • comment gvfs-fuse is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140304
        • AND
          • comment gvfs-goa is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517017
          • comment gvfs-goa is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140306
        • AND
          • comment gvfs-gphoto2 is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517019
          • comment gvfs-gphoto2 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140308
        • AND
          • comment gvfs-mtp is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517021
          • comment gvfs-mtp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140310
        • AND
          • comment gvfs-smb is earlier than 0:1.36.2-2.el8_0.1
            oval oval:com.redhat.rhsa:tst:20191517023
          • comment gvfs-smb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140312
    rhsa
    id RHSA-2019:1517
    released 2019-06-18
    severity Moderate
    title RHSA-2019:1517: gvfs security update (Moderate)
  • bugzilla
    id 1665578
    title CVE-2019-3827 gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment gvfs is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145001
          • comment gvfs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140292
        • AND
          • comment gvfs-afc is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145003
          • comment gvfs-afc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140294
        • AND
          • comment gvfs-afp is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145005
          • comment gvfs-afp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140296
        • AND
          • comment gvfs-archive is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145007
          • comment gvfs-archive is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140298
        • AND
          • comment gvfs-client is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145009
          • comment gvfs-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140300
        • AND
          • comment gvfs-devel is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145011
          • comment gvfs-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140302
        • AND
          • comment gvfs-fuse is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145013
          • comment gvfs-fuse is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140304
        • AND
          • comment gvfs-goa is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145015
          • comment gvfs-goa is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140306
        • AND
          • comment gvfs-gphoto2 is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145017
          • comment gvfs-gphoto2 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140308
        • AND
          • comment gvfs-mtp is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145019
          • comment gvfs-mtp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140310
        • AND
          • comment gvfs-smb is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145021
          • comment gvfs-smb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140312
        • AND
          • comment gvfs-tests is earlier than 0:1.36.2-3.el7
            oval oval:com.redhat.rhsa:tst:20192145023
          • comment gvfs-tests is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183140314
    rhsa
    id RHSA-2019:2145
    released 2019-08-06
    severity Moderate
    title RHSA-2019:2145: gvfs security and bug fix update (Moderate)
rpms
  • gvfs-0:1.36.2-2.el8_0.1
  • gvfs-afc-0:1.36.2-2.el8_0.1
  • gvfs-afc-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-afp-0:1.36.2-2.el8_0.1
  • gvfs-afp-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-archive-0:1.36.2-2.el8_0.1
  • gvfs-archive-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-client-0:1.36.2-2.el8_0.1
  • gvfs-client-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-debugsource-0:1.36.2-2.el8_0.1
  • gvfs-devel-0:1.36.2-2.el8_0.1
  • gvfs-fuse-0:1.36.2-2.el8_0.1
  • gvfs-fuse-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-goa-0:1.36.2-2.el8_0.1
  • gvfs-goa-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-gphoto2-0:1.36.2-2.el8_0.1
  • gvfs-gphoto2-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-mtp-0:1.36.2-2.el8_0.1
  • gvfs-mtp-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-smb-0:1.36.2-2.el8_0.1
  • gvfs-smb-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-0:1.36.2-3.el7
  • gvfs-afc-0:1.36.2-3.el7
  • gvfs-afp-0:1.36.2-3.el7
  • gvfs-archive-0:1.36.2-3.el7
  • gvfs-client-0:1.36.2-3.el7
  • gvfs-debuginfo-0:1.36.2-3.el7
  • gvfs-devel-0:1.36.2-3.el7
  • gvfs-fuse-0:1.36.2-3.el7
  • gvfs-goa-0:1.36.2-3.el7
  • gvfs-gphoto2-0:1.36.2-3.el7
  • gvfs-mtp-0:1.36.2-3.el7
  • gvfs-smb-0:1.36.2-3.el7
  • gvfs-tests-0:1.36.2-3.el7
refmap via4
confirm
Last major update 19-10-2020 - 18:06
Published 25-03-2019 - 18:29
Last modified 19-10-2020 - 18:06
Back to Top