PT-2024-4190 · Gnome+9 · Gnome Shell+9

Published 2024-05-28 · Updated 2026-01-29 · CVE-2024-36472

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

GNOME Shell versions prior to 45.8

Description

The issue allows a portal helper to be launched automatically without user confirmation based on network responses provided by an adversary, such as one controlling the local Wi-Fi network. This can lead to the loading of untrusted JavaScript code, potentially resulting in resource consumption or other impacts depending on the behavior of the JavaScript code. An attacker could exploit this to execute arbitrary JavaScript code remotely.

Recommendations

For versions prior to 45.8, update to version 45.8 or later to resolve the issue. As a temporary workaround, consider restricting network responses from untrusted sources to minimize the risk of exploitation.

Fix

Origin Validation Error

Weakness Enumeration

Related Identifiers

ALSA-2024:5298
ALSA-2024:9114
BDU:2024-04675
CESA-2024_5298
CVE-2024-36472
INFSA-2024_5298
INFSA-2024_9114
MGASA-2024-0314
OPENSUSE-SU-2024:14201-1
OPENSUSE-SU-2024_2576-1
RHSA-2024:5298
RHSA-2024:9114
RHSA-2024:9915
RHSA-2024_5298
RHSA-2024_9114
RLSA-2024:9114
SUSE-SU-2024:2576-1
SUSE-SU-2024:2589-1
SUSE-SU-2024:2618-1
SUSE-SU-2024_2589-1
SUSE-SU-2024_2618-1
USN-6963-1

Affected Products

Almalinux
Centos
Debian
Gnome Shell
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu