PT-2019-4185 · Gnome+5 · Gnome Glib+5

Published: 2019-05-23 · Updated: 2023-03-24 · CVE-2019-12450

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: GNOME GLib versions 2.15.0 through 2.61.1

Description: The issue is related to the file copy fallback function in the gio/gfile.c file, which does not properly restrict file permissions during a copy operation. Instead of using restricted permissions, it uses default permissions. This could potentially allow a remote attacker to gain unauthorized access to protected information.

Recommendations: For versions 2.15.0 through 2.61.1, consider updating to a version where this issue is fixed, as the use of default permissions during file copy operations could lead to security issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
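
The permission window described above, as an added illustration in plain POSIX C (not GLib's code and not taken from this record): a destination created with default permissions stays readable by other users until the source's mode is applied, while one created with restricted permissions does not. The scratch file name, the umask of 022 and the source mode of 0600 are assumptions chosen for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a copy destination with create_mode, write to it, then apply the
 * source's mode last (attributes copied after data). Returns the mode the
 * file had while data was being written; *final_mode gets the end result. */
static mode_t mode_during_copy(const char *path, mode_t create_mode,
                               mode_t src_mode, mode_t *final_mode)
{
    struct stat st;
    mode_t during = (mode_t)-1;
    mode_t old_umask = umask(022);   /* constructed: a typical default umask */

    *final_mode = (mode_t)-1;
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, create_mode);
    if (fd >= 0) {
        if (write(fd, "secret\n", 7) == 7 && fstat(fd, &st) == 0)
            during = st.st_mode & 0777;          /* exposure window */
        if (fchmod(fd, src_mode) == 0 && fstat(fd, &st) == 0)
            *final_mode = st.st_mode & 0777;     /* window closes here */
        close(fd);
        unlink(path);
    }
    umask(old_umask);
    return during;
}

int main(void)
{
    const char *path = "copy_perm_demo.tmp";     /* hypothetical scratch file */
    mode_t fin;
    /* Source file is 0600 in both cases. */
    mode_t weak = mode_during_copy(path, 0666, 0600, &fin);
    printf("default create mode: %04o during copy, %04o after\n",
           (unsigned)weak, (unsigned)fin);
    mode_t safe = mode_during_copy(path, 0600, 0600, &fin);
    printf("private create mode: %04o during copy, %04o after\n",
           (unsigned)safe, (unsigned)fin);
    return 0;
}
```

Both cases end at the same final mode; only the mode observed while the data is being written differs, which is why the weakness is easy to miss when checking a finished copy.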

Weakness Enumeration

Race Condition
Files Accessible to External Parties
Incorrect Default Permissions

Related Identifiers

ALT-PU-2019-2029
ALT-PU-2019-2055
ALT-PU-2019-2780
AZL-6434
BDU:2019-04780
CESA-2019_3530
CESA-2020_3978
CVE-2019-12450
DLA-1826-1
DLA-1866-1
MGASA-2019-0352
OPENSUSE-SU-2019:1650-1
OPENSUSE-SU-2019_1650-1
OPENSUSE-SU-2024:10791-1
RHSA-2019:3530
RHSA-2019_3530
RHSA-2020:3978
RHSA-2020_3978
SUSE-SU-2019:14102-1
SUSE-SU-2019:1594-1
SUSE-SU-2019:1596-1
SUSE-SU-2019:1722-1
SUSE-SU-2019_14102-1
SUSE-SU-2019_1594-1
USN-4014-1
USN-4014-2

Affected Products

Alt Linux
CentOS
GNOME GLib
Red Hat
SUSE
Ubuntu