CVE-2019-3825

Advisory lineage Upstream: 0 Downstream: 6

Downstream

DEBIAN-CVE-2019-3825 OPENSUSE-SU-2024:10780-1 RHSA-2020:1766 SUSE-SU-2019:0527-1 UBUNTU-CVE-2019-3825 USN-3892-1

Modified

Published: 06 Feb 2019, 20:00

Last modified:04 Aug 2024, 19:19

Vulnerability Summary

Overall Risk (default)

medium

38/100

CVSS Score

6.9 MEDIUM

v2.0 (nvd)

EPSS Score

0.07% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

06 Feb 2019, 20:00

Published

Vulnerability first disclosed

04 Aug 2024, 19:19

Last Modified

Vulnerability information updated

Description

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

CVSS Metrics

v3.0•MEDIUM•Score: 6.3CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
v3.0•MEDIUM•Score: 6.4CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.07%• Percentile: 23%

Techniques & Countermeasures

CWE-287•Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Systems

canonical•ubuntu_linux
18.04 | 18.10
gnome•gnome_display_manager
< 3.31.4
redhat•enterprise_linux
7.0
the gnome projectr•gdm
3.31.4