Lucene search
Ubuntu.comUB:CVE-2024-36472HistoryMay 28, 2024 - 12:00 a.m.
CVE-2024-36472
2024-05-2800:00:00
ubuntu.com
ubuntu.com
196
gnome shell
automatic launch
untrusted javascript
network responses
resource consumption
cve-2024-36472
wi-fi network
AI Score
6.2
Confidence
Low
In GNOME Shell through 45.7, a portal helper can be launched automatically
(without user confirmation) based on network responses provided by an
adversary (e.g., an adversary who controls the local Wi-Fi network), and
subsequently loads untrusted JavaScript code, which may lead to resource
consumption or other impacts depending on the JavaScript code’s behavior.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072124>
- <https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7666 (context)>
- <https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688>
Notes
| Author | Note |
|---|---|
| mdeslaur | as of 2024-07-05, the upstream fix for this issue has not been merged |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | gnome-shell | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | gnome-shell | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | gnome-shell | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | gnome-shell | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | gnome-shell | < any | UNKNOWN |
Related
nessus
nessus
RHEL 8 : gnome-shell (RHSA-2024:5298)
2024-08-14 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : GNOME Shell vulnerability (USN-6963-1)
2024-08-15 00:00:00
SUSE SLED12 / SLES12 Security Update : gnome-shell (SUSE-SU-2024:2589-1)
2024-07-23 00:00:00
nvd
nvd
CVE-2024-36472
2024-05-28 16:15:17
CVE-2023-50977
2024-05-27 14:15:09
debiancve
debiancve
CVE-2024-36472
2024-05-28 16:15:17
oraclelinux
oraclelinux
gnome-shell security update
2024-08-13 00:00:00
almalinux
almalinux
Moderate: gnome-shell security update
2024-08-13 00:00:00
osv
osv
CVE-2024-36472
2024-05-28 16:15:17
Moderate: gnome-shell security update
2024-08-13 00:00:00
gnome-shell vulnerability
2024-08-15 13:19:28
vulnrichment
vulnrichment
CVE-2024-36472
1976-01-01 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2589-1)
2024-07-23 00:00:00
Ubuntu: Security Advisory (USN-6963-1)
2024-08-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0314)
2024-09-27 00:00:00
redhat
redhat
(RHSA-2024:5298) Moderate: gnome-shell security update
2024-08-13 14:51:59
ubuntu
ubuntu
GNOME Shell vulnerability
2024-08-15 00:00:00
cvelist
cvelist
CVE-2024-36472
1976-01-01 00:00:00
mageia
mageia
Updated gnome-shell packages fix security vulnerability
2024-09-27 04:30:52
redhatcve
redhatcve
CVE-2024-36472
2024-05-29 08:50:22
cve
cve
CVE-2024-36472
2024-05-28 16:15:17
CVE-2023-50977
2024-05-27 14:15:09