Lucene search
Veracode Vulnerability DatabaseVERACODE:28174HistoryDec 06, 2020 - 3:20 a.m.
Authentication Bypass
2020-12-0603:20:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
sddm
authentication
bypass
x server
unprivileged users
connection
xauthority file creation
EPSS
0
Percentile
5.1%
sddm is vulnerable to authentication bypass. The X server allows unprivileged users to create a connection to the server without authentication due to an incorrect start and race condition during Xauthority file creation.
References
lists.opensuse.org/opensuse-security-announce/2020-11/msg00031.html
bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049
github.com/sddm/sddm/blob/v0.19.0/ChangeLog
github.com/sddm/sddm/releases
lists.debian.org/debian-lts-announce/2020/11/msg00009.html
lists.fedoraproject.org/archives/list/[email protected]/message/GT3EX5NSQJJAKY63ENSMEDX6NYZLYY3S/
security-tracker.debian.org/tracker/CVE-2020-28049
www.debian.org/security/2020/dsa-4783
Related
gentoo
gentoo
SDDM: Privilege Escalation
2024-02-03 00:00:00
mageia
mageia
Updated sddm package fixes a security vulnerability
2020-11-10 18:20:00
fedora
fedora
[SECURITY] Fedora 33 Update: sddm-0.19.0-3.fc33
2021-01-24 01:30:36
suse
suse
Security update for sddm (moderate)
2020-11-11 00:00:00
Security update for sddm (moderate)
2020-11-07 00:00:00
debian
debian
[SECURITY] [DLA 2436-1] sddm security update
2020-11-06 10:29:25
[SECURITY] [DSA 4783-1] sddm security update
2020-11-05 14:44:17
[SECURITY] [DSA 4783-1] sddm security update
2020-11-05 14:44:17
osv
osv
sddm - security update
2020-11-06 00:00:00
CVE-2020-28049
2020-11-04 19:15:12
sddm - security update
2020-11-05 00:00:00
nessus
nessus
Fedora 33 : sddm (2021-7066b95c99)
2021-01-25 00:00:00
openSUSE Security Update : sddm (openSUSE-2020-1870)
2020-11-09 00:00:00
Debian DLA-2436-1 : sddm security update
2020-11-09 00:00:00
debiancve
debiancve
CVE-2020-28049
2020-11-04 19:15:12
cve
cve
CVE-2020-28049
2020-11-04 19:15:12
prion
prion
Race condition
2020-11-04 19:15:00
ubuntucve
ubuntucve
CVE-2020-28049
2020-11-04 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2436-1)
2020-11-07 00:00:00
Mageia: Security Advisory (MGASA-2020-0412)
2022-01-28 00:00:00
Fedora: Security Advisory for sddm (FEDORA-2021-7066b95c99)
2021-01-25 00:00:00
archlinux
archlinux
[ASA-202011-8] sddm: privilege escalation
2020-11-10 00:00:00
nvd
nvd
CVE-2020-28049
2020-11-04 19:15:12
alpinelinux
alpinelinux
CVE-2020-28049
2020-11-04 19:15:12
cvelist
cvelist
CVE-2020-28049
2020-11-04 00:00:00