DEBIAN-CVE-2019-3825

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2019-3825

Published: 06 Feb 2019, 20:29

Last modified:19 Nov 2025, 02:02

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.4 MEDIUM

3.0 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Feb 2019, 20:29

Published

Vulnerability first disclosed

19 Nov 2025, 02:02

Last Modified

Vulnerability information updated

Description

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

CVSS Metrics

v3.0•MEDIUM•Score: 6.4CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

debian•gdm3
< 3.30.2-3 | < 3.30.2-3 | < 3.30.2-3 | < 3.30.2-3

References (1)

https://security-tracker.debian.org/tracker/CVE-2019-3825