CVE-2023-47250

Name of the Vulnerable Software and Affected Versions mprivacy-tools versions prior to 2.0.406g

Description The issue allows authenticated attackers with access to a VNC session to bypass access control on X11 server sockets. By specifying the DISPLAY ID of other users, attackers can gain complete control of their desktop. This control includes the ability to inject keystrokes, which can be used to perform keylogging attacks.

Recommendations For versions prior to 2.0.406g, update to version 2.0.406g or later to resolve the issue. As a temporary workaround, consider restricting access to the X11 server sockets to minimize the risk of exploitation.