CVE-2019-12450

critical

Description

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html

https://access.redhat.com/errata/RHSA-2019:3530

https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174

https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/

https://security.netapp.com/advisory/ntap-20190606-0003/

https://usn.ubuntu.com/4014-1/

https://usn.ubuntu.com/4014-2/

Details

Source: MITRE

Published: 2019-05-29

Updated: 2020-08-24

Type: CWE-276

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* versions from 2.15.0 to 2.61.1 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150561 | SUSE SLES11 Security Update : glib2 (SUSE-SU-2019:14102-1) | Nessus | SuSE Local Security Checks | critical |
| 147280 | NewStart CGSL CORE 5.04 / MAIN 5.04 : glib2 Vulnerability (NS-SA-2021-0020) | Nessus | NewStart CGSL Local Security Checks | critical |
| 145672 | CentOS 8 : glib2 (CESA-2019:3530) | Nessus | CentOS Local Security Checks | critical |
| 142724 | Amazon Linux 2 : glib2 (ALAS-2020-1553) | Nessus | Amazon Linux Local Security Checks | critical |
| 141664 | Scientific Linux Security Update : glib2 and ibus on SL7.x x86_64 (20201001) | Nessus | Scientific Linux Local Security Checks | critical |
| 141596 | CentOS 7 : glib2 and ibus (CESA-2020:3978) | Nessus | CentOS Local Security Checks | critical |
| 141220 | Oracle Linux 7 : glib2 / and / ibus (ELSA-2020-3978) | Nessus | Oracle Linux Local Security Checks | critical |
| 141023 | RHEL 7 : glib2 and ibus (RHSA-2020:3978) | Nessus | Red Hat Local Security Checks | critical |
| 137496 | EulerOS 2.0 SP2 : glib2 (EulerOS-SA-2020-1654) | Nessus | Huawei Local Security Checks | critical |
| 135618 | EulerOS Virtualization 3.0.2.2 : glib2 (EulerOS-SA-2020-1456) | Nessus | Huawei Local Security Checks | critical |
| 135516 | EulerOS 2.0 SP3 : glib2 (EulerOS-SA-2020-1387) | Nessus | Huawei Local Security Checks | critical |
| 134528 | EulerOS Virtualization for ARM 64 3.0.2.0 : glib2 (EulerOS-SA-2020-1239) | Nessus | Huawei Local Security Checks | critical |
| 131490 | EulerOS Virtualization for ARM 64 3.0.3.0 : glib2 (EulerOS-SA-2019-2325) | Nessus | Huawei Local Security Checks | critical |
| 130863 | EulerOS 2.0 SP5 : glib2 (EulerOS-SA-2019-2154) | Nessus | Huawei Local Security Checks | critical |
| 130550 | RHEL 8 : glib2 (RHSA-2019:3530) | Nessus | Red Hat Local Security Checks | critical |
| 129436 | EulerOS 2.0 SP8 : glib2 (EulerOS-SA-2019-2077) | Nessus | Huawei Local Security Checks | critical |
| 129068 | Amazon Linux 2 : glib2 (ALAS-2019-1289) | Nessus | Amazon Linux Local Security Checks | critical |
| 127812 | Amazon Linux AMI : glib2 (ALAS-2019-1256) | Nessus | Amazon Linux Local Security Checks | critical |
| 126461 | SUSE SLED12 / SLES12 Security Update : glib2 (SUSE-SU-2019:1722-1) | Nessus | SuSE Local Security Checks | critical |
| 126334 | openSUSE Security Update : glib2 (openSUSE-2019-1650) | Nessus | SuSE Local Security Checks | critical |
| 126206 | Photon OS 3.0: Glib PHSA-2019-3.0-0018 | Nessus | PhotonOS Local Security Checks | critical |
| 126196 | Photon OS 1.0: Glib PHSA-2019-1.0-0237 | Nessus | PhotonOS Local Security Checks | high |
| 126152 | SUSE SLES12 Security Update : glib2 (SUSE-SU-2019:1596-1) | Nessus | SuSE Local Security Checks | critical |
| 126150 | SUSE SLED15 / SLES15 Security Update : glib2 (SUSE-SU-2019:1594-1) | Nessus | SuSE Local Security Checks | critical |
| 126011 | Debian DLA-1826-1 : glib2.0 security update | Nessus | Debian Local Security Checks | critical |
| 125961 | Fedora 30 : glib2 (2019-c18d2bd1bd) | Nessus | Fedora Local Security Checks | critical |
| 125851 | Ubuntu 14.04 LTS : glib2.0 vulnerability (USN-4014-2) | Nessus | Ubuntu Local Security Checks | critical |
| 125813 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : GLib vulnerability (USN-4014-1) | Nessus | Ubuntu Local Security Checks | critical |