6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.9%
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior
to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may
escape the bubblewrap sandbox used to confine thumbnailers by using the
TIOCSTI ioctl to push characters into the input buffer of the thumbnailer’s
controlling terminal, allowing an attacker to escape the sandbox if the
thumbnailer has a controlling terminal. This is due to improper filtering
of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | gnome-desktop3 | < 3.28.2-0ubuntu1.3 | UNKNOWN |
ubuntu | 18.10 | noarch | gnome-desktop3 | < 3.30.1-1ubuntu1.1 | UNKNOWN |
ubuntu | 19.04 | noarch | gnome-desktop3 | < 3.32.1-1ubuntu1.1 | UNKNOWN |
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.9%