CVE-2019-3827

Name of the Vulnerable Software and Affected Versions gvfs versions prior to 1.39.4

Description The issue is related to insufficient access control in the GVFS subsystem of the GNOME desktop environment. It allows malicious programs to read and modify arbitrary files without asking for a password when no authentication agent is running, potentially leading to unauthorized access to protected information. This can be exploited by malicious programs running under the privileges of users in the wheel group to escalate privileges by modifying system files without the user's knowledge. Successful exploitation requires an uncommon system configuration.

Recommendations For versions prior to 1.39.4, update to version 1.39.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin backend or ensuring that an authentication agent is always running to minimize the risk of exploitation.