CVE-2009-4145

CWE-200 — Information Exposure8 documents8 sources

Severity

2.1LOW

EPSS

0.1%

top 80.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Networkmanager

Timeline

PublishedDec 23

Latest updateMay 2

Description

nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDgnome/networkmanager0.7.2

▶Debiannetwork-manager-applet< 0.7.2-2+3

Patches

Patch: git.gnome.org ↗Patch: git.gnome.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-2wgm-5xw3-53m2: nm-connection-editor in NetworkManager (NM) 0↗2022-05-02

▶

OSV

CVE-2009-4145: nm-connection-editor in NetworkManager (NM) 0↗2009-12-23

▶

CVEList

CVE-2009-4145: nm-connection-editor in NetworkManager (NM) 0↗2009-12-23

▶

📋Vendor Advisories

Ubuntu

network-manager-applet vulnerabilities↗2010-01-13

▶

Red Hat

NetworkManager: information disclosure by nm-connection-editor↗2009-12-10

▶

Debian

CVE-2009-4145: network-manager - nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects ove...↗2009

▶

💬Community

Bugzilla

CVE-2009-4145 NetworkManager: information disclosure by nm-connection-editor↗2009-12-10

▶