gvfs is vulnerable to privilege escalation. A race condition in daemon/gvfsbackendadmin.c allows escalation of privileges due to admin backend not implementing query_info_on_read/write
.
lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html
lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html
www.openwall.com/lists/oss-security/2019/07/09/3
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
access.redhat.com/errata/RHSA-2020:1766
access.redhat.com/security/updates/classification/#moderate
gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e
usn.ubuntu.com/4053-1/