cvelistv5 - CVE-2022-1736

CVE-2022-1736

Vulnerability from cvelistv5

Published

2025-01-31 01:35

Modified

2025-02-07 16:07

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.

References

▼	URL	Tags
	security@ubuntu.com	https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028
	security@ubuntu.com	https://ubuntu.com/security/CVE-2022-1736
	security@ubuntu.com	https://ubuntu.com/security/notices/USN-5430-1

Impacted products

	Vendor	Product	Version
	Canonical Ltd.	Ubuntu's gnome-control-center	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-1736",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-07T16:07:43.557407Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        description: "CWE-noinfo Not enough information",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-07T16:07:47.540Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               packageName: "Ubuntu's gnome-control-center",
               platforms: [
                  "Linux",
               ],
               product: "Ubuntu's gnome-control-center",
               repo: "https://git.launchpad.net/ubuntu/+source/gnome-remote-desktop",
               vendor: "Canonical Ltd.",
               versions: [
                  {
                     lessThan: "42.1.1-2ubuntu1",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Jeremy Bícha",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.",
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-31T01:35:46.759Z",
            orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            shortName: "canonical",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://ubuntu.com/security/notices/USN-5430-1",
            },
            {
               tags: [
                  "issue-tracking",
               ],
               url: "https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028",
            },
            {
               tags: [
                  "issue-tracking",
               ],
               url: "https://ubuntu.com/security/CVE-2022-1736",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
      assignerShortName: "canonical",
      cveId: "CVE-2022-1736",
      datePublished: "2025-01-31T01:35:46.759Z",
      dateReserved: "2022-05-16T19:14:42.013Z",
      dateUpdated: "2025-02-07T16:07:47.540Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2022-1736\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2025-01-31T02:15:28.440\",\"lastModified\":\"2025-02-07T16:15:33.457\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.\"},{\"lang\":\"es\",\"value\":\"La configuración de gnome-control-center de Ubuntu permitía habilitar el uso compartido de escritorio remoto de forma predeterminada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"references\":[{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://ubuntu.com/security/CVE-2022-1736\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://ubuntu.com/security/notices/USN-5430-1\",\"source\":\"security@ubuntu.com\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-1736\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T16:07:43.557407Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T16:05:36.750Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Jeremy B\\u00edcha\"}], \"affected\": [{\"repo\": \"https://git.launchpad.net/ubuntu/+source/gnome-remote-desktop\", \"vendor\": \"Canonical Ltd.\", \"product\": \"Ubuntu's gnome-control-center\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"42.1.1-2ubuntu1\", \"versionType\": \"semver\"}], \"platforms\": [\"Linux\"], \"packageName\": \"Ubuntu's gnome-control-center\"}], \"references\": [{\"url\": \"https://ubuntu.com/security/notices/USN-5430-1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2022-1736\", \"tags\": [\"issue-tracking\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.\"}], \"providerMetadata\": {\"orgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"shortName\": \"canonical\", \"dateUpdated\": \"2025-01-31T01:35:46.759Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2022-1736\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-07T16:07:47.540Z\", \"dateReserved\": \"2022-05-16T19:14:42.013Z\", \"assignerOrgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"datePublished\": \"2025-01-31T01:35:46.759Z\", \"assignerShortName\": \"canonical\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

opensuse-su-2024:12246-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

budgie-control-center-1.1.0+0-1.1 on GA media

Notes

Title of the patch

budgie-control-center-1.1.0+0-1.1 on GA media

Description of the patch

These are all security issues fixed in the budgie-control-center-1.1.0+0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-12246

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "budgie-control-center-1.1.0+0-1.1 on GA media",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "These are all security issues fixed in the budgie-control-center-1.1.0+0-1.1 package on the GA media of openSUSE Tumbleweed.",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "openSUSE-Tumbleweed-2024-12246",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12246-1.json",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-1736 page",
            url: "https://www.suse.com/security/cve/CVE-2022-1736/",
         },
      ],
      title: "budgie-control-center-1.1.0+0-1.1 on GA media",
      tracking: {
         current_release_date: "2024-06-15T00:00:00Z",
         generator: {
            date: "2024-06-15T00:00:00Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "openSUSE-SU-2024:12246-1",
         initial_release_date: "2024-06-15T00:00:00Z",
         revision_history: [
            {
               date: "2024-06-15T00:00:00Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "budgie-control-center-1.1.0+0-1.1.aarch64",
                        product: {
                           name: "budgie-control-center-1.1.0+0-1.1.aarch64",
                           product_id: "budgie-control-center-1.1.0+0-1.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "budgie-control-center-bash-completion-1.1.0+0-1.1.aarch64",
                        product: {
                           name: "budgie-control-center-bash-completion-1.1.0+0-1.1.aarch64",
                           product_id: "budgie-control-center-bash-completion-1.1.0+0-1.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "budgie-control-center-lang-1.1.0+0-1.1.aarch64",
                        product: {
                           name: "budgie-control-center-lang-1.1.0+0-1.1.aarch64",
                           product_id: "budgie-control-center-lang-1.1.0+0-1.1.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "budgie-control-center-1.1.0+0-1.1.ppc64le",
                        product: {
                           name: "budgie-control-center-1.1.0+0-1.1.ppc64le",
                           product_id: "budgie-control-center-1.1.0+0-1.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "budgie-control-center-bash-completion-1.1.0+0-1.1.ppc64le",
                        product: {
                           name: "budgie-control-center-bash-completion-1.1.0+0-1.1.ppc64le",
                           product_id: "budgie-control-center-bash-completion-1.1.0+0-1.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "budgie-control-center-lang-1.1.0+0-1.1.ppc64le",
                        product: {
                           name: "budgie-control-center-lang-1.1.0+0-1.1.ppc64le",
                           product_id: "budgie-control-center-lang-1.1.0+0-1.1.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "budgie-control-center-1.1.0+0-1.1.s390x",
                        product: {
                           name: "budgie-control-center-1.1.0+0-1.1.s390x",
                           product_id: "budgie-control-center-1.1.0+0-1.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "budgie-control-center-bash-completion-1.1.0+0-1.1.s390x",
                        product: {
                           name: "budgie-control-center-bash-completion-1.1.0+0-1.1.s390x",
                           product_id: "budgie-control-center-bash-completion-1.1.0+0-1.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "budgie-control-center-lang-1.1.0+0-1.1.s390x",
                        product: {
                           name: "budgie-control-center-lang-1.1.0+0-1.1.s390x",
                           product_id: "budgie-control-center-lang-1.1.0+0-1.1.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "budgie-control-center-1.1.0+0-1.1.x86_64",
                        product: {
                           name: "budgie-control-center-1.1.0+0-1.1.x86_64",
                           product_id: "budgie-control-center-1.1.0+0-1.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "budgie-control-center-bash-completion-1.1.0+0-1.1.x86_64",
                        product: {
                           name: "budgie-control-center-bash-completion-1.1.0+0-1.1.x86_64",
                           product_id: "budgie-control-center-bash-completion-1.1.0+0-1.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "budgie-control-center-lang-1.1.0+0-1.1.x86_64",
                        product: {
                           name: "budgie-control-center-lang-1.1.0+0-1.1.x86_64",
                           product_id: "budgie-control-center-lang-1.1.0+0-1.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "openSUSE Tumbleweed",
                        product: {
                           name: "openSUSE Tumbleweed",
                           product_id: "openSUSE Tumbleweed",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:tumbleweed",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-1.1.0+0-1.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.aarch64",
            },
            product_reference: "budgie-control-center-1.1.0+0-1.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-1.1.0+0-1.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.ppc64le",
            },
            product_reference: "budgie-control-center-1.1.0+0-1.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-1.1.0+0-1.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.s390x",
            },
            product_reference: "budgie-control-center-1.1.0+0-1.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-1.1.0+0-1.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.x86_64",
            },
            product_reference: "budgie-control-center-1.1.0+0-1.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-bash-completion-1.1.0+0-1.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.aarch64",
            },
            product_reference: "budgie-control-center-bash-completion-1.1.0+0-1.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-bash-completion-1.1.0+0-1.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.ppc64le",
            },
            product_reference: "budgie-control-center-bash-completion-1.1.0+0-1.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-bash-completion-1.1.0+0-1.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.s390x",
            },
            product_reference: "budgie-control-center-bash-completion-1.1.0+0-1.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-bash-completion-1.1.0+0-1.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.x86_64",
            },
            product_reference: "budgie-control-center-bash-completion-1.1.0+0-1.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-lang-1.1.0+0-1.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.aarch64",
            },
            product_reference: "budgie-control-center-lang-1.1.0+0-1.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-lang-1.1.0+0-1.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.ppc64le",
            },
            product_reference: "budgie-control-center-lang-1.1.0+0-1.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-lang-1.1.0+0-1.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.s390x",
            },
            product_reference: "budgie-control-center-lang-1.1.0+0-1.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "budgie-control-center-lang-1.1.0+0-1.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.x86_64",
            },
            product_reference: "budgie-control-center-lang-1.1.0+0-1.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2022-1736",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-1736",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.aarch64",
               "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.ppc64le",
               "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.s390x",
               "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.x86_64",
               "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.aarch64",
               "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.ppc64le",
               "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.s390x",
               "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.x86_64",
               "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.aarch64",
               "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.ppc64le",
               "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.s390x",
               "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-1736",
               url: "https://www.suse.com/security/cve/CVE-2022-1736",
            },
            {
               category: "external",
               summary: "SUSE Bug 1199751 for CVE-2022-1736",
               url: "https://bugzilla.suse.com/1199751",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.aarch64",
                  "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.ppc64le",
                  "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.s390x",
                  "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.x86_64",
                  "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.aarch64",
                  "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.ppc64le",
                  "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.s390x",
                  "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.x86_64",
                  "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.aarch64",
                  "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.ppc64le",
                  "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.s390x",
                  "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
                  version: "3.1",
               },
               products: [
                  "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.aarch64",
                  "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.ppc64le",
                  "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.s390x",
                  "openSUSE Tumbleweed:budgie-control-center-1.1.0+0-1.1.x86_64",
                  "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.aarch64",
                  "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.ppc64le",
                  "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.s390x",
                  "openSUSE Tumbleweed:budgie-control-center-bash-completion-1.1.0+0-1.1.x86_64",
                  "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.aarch64",
                  "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.ppc64le",
                  "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.s390x",
                  "openSUSE Tumbleweed:budgie-control-center-lang-1.1.0+0-1.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "moderate",
            },
         ],
         title: "CVE-2022-1736",
      },
   ],
}

fkie_cve-2022-1736

Vulnerability from fkie_nvd

Published

2025-01-31 02:15

Modified

2025-02-07 16:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.

References

▼	URL	Tags
	security@ubuntu.com	https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028
	security@ubuntu.com	https://ubuntu.com/security/CVE-2022-1736
	security@ubuntu.com	https://ubuntu.com/security/notices/USN-5430-1

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.",
      },
      {
         lang: "es",
         value: "La configuración de gnome-control-center de Ubuntu permitía habilitar el uso compartido de escritorio remoto de forma predeterminada.",
      },
   ],
   id: "CVE-2022-1736",
   lastModified: "2025-02-07T16:15:33.457",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2025-01-31T02:15:28.440",
   references: [
      {
         source: "security@ubuntu.com",
         url: "https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028",
      },
      {
         source: "security@ubuntu.com",
         url: "https://ubuntu.com/security/CVE-2022-1736",
      },
      {
         source: "security@ubuntu.com",
         url: "https://ubuntu.com/security/notices/USN-5430-1",
      },
   ],
   sourceIdentifier: "security@ubuntu.com",
   vulnStatus: "Awaiting Analysis",
}

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2022-1736

Aliases

CVE-2022-1736

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2022-1736",
      id: "GSD-2022-1736",
      references: [
         "https://security.archlinux.org/CVE-2022-1736",
         "https://www.suse.com/security/cve/CVE-2022-1736.html",
      ],
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2022-1736",
         ],
         id: "GSD-2022-1736",
         modified: "2023-12-13T01:19:27.863689Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cve@mitre.org",
            ID: "CVE-2022-1736",
            STATE: "RESERVED",
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
               },
            ],
         },
      },
   },
}

ghsa-hh5g-6rhm-ccx9

Vulnerability from github

Published

2025-01-31 03:32

Modified

2025-02-07 18:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2022-1736",
   ],
   database_specific: {
      cwe_ids: [],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2025-01-31T02:15:28Z",
      severity: "CRITICAL",
   },
   details: "Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.",
   id: "GHSA-hh5g-6rhm-ccx9",
   modified: "2025-02-07T18:31:18Z",
   published: "2025-01-31T03:32:13Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1736",
      },
      {
         type: "WEB",
         url: "https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028",
      },
      {
         type: "WEB",
         url: "https://ubuntu.com/security/CVE-2022-1736",
      },
      {
         type: "WEB",
         url: "https://ubuntu.com/security/notices/USN-5430-1",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
         type: "CVSS_V3",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-1736

Vulnerability from cvelistv5

opensuse-su-2024:12246-1

Vulnerability from csaf_opensuse

fkie_cve-2022-1736

Vulnerability from fkie_nvd

gsd-2022-1736

Vulnerability from gsd

ghsa-hh5g-6rhm-ccx9

Vulnerability from github

Tags

Sightings

Nomenclature