CVE-2020-16125
Advisory lineage Upstream: 0 Downstream: 11
Modified
Published: 10 Nov 2020, 04:20
Last modified:17 Sept 2024, 03:59
Vulnerability Summary
Overall Risk (default)
medium
43/100 CVSS Score
7.2 HIGH
v3.1 (cve.org)
EPSS Score
22.1% HIGH
22% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected
Timeline
10 Nov 2020, 04:20
Published
Vulnerability first disclosed
17 Sept 2024, 03:59
Last Modified
Vulnerability information updated
Description
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
CVSS Metrics
- v3.1•HIGH•Score: 7.2CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
- v3.1•MEDIUM•Score: 6.8CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 22.10%• Percentile: 96%
Techniques & Countermeasures
- CWE-754•Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Affected Systems
- gnome•gdm3
≥ 3.36, < 3.36.4 | ≥ 3.38, < 3.38.2
- gnome•gnome_display_manager
< 3.36.2 | ≥ 3.38.0, < 3.38.2