CVE-2019-11461Improperly Implemented Security Check for Standard in Nautilus

CWE-358Improperly Implemented Security Check for Standard8 documents7 sources
Severity
7.8HIGHNVD
CNA9.0OSV9.0
EPSS
0.1%
top 83.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gnome Nautilus
Timeline
PublishedApr 22
Latest updateMay 24

Description

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages2 packages

NVDgnome/nautilus3.303.30.6+1
Debiangnome/nautilus< 3.30.5-2+3

🔴Vulnerability Details

3
GHSA
GHSA-jjgg-8c74-rh96: An issue was discovered in GNOME Nautilus 32022-05-24
OSV
CVE-2019-11461: An issue was discovered in GNOME Nautilus 32019-04-22
CVEList
CVE-2019-11461: An issue was discovered in GNOME Nautilus 32019-04-22

📋Vendor Advisories

2
Red Hat
nautilus: sandbox security bypass2019-04-13
Debian
CVE-2019-11461: nautilus - An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to...2019

💬Community

2
Bugzilla
CVE-2019-11461 nautilus: sandbox security bypass [fedora-all]2019-05-17
Bugzilla
CVE-2019-11461 nautilus: sandbox security bypass2019-05-17
CVE-2019-11461 — Gnome Nautilus vulnerability | cvebase