CVE-2019-12450 — Incorrect Default Permissions in GLib
Severity
9.8 CRITICAL (NVD)
EPSS
0.8%
top 26.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 29
Latest update: May 24
Description
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 2 packages
Also affects: Debian Linux 8.0, Fedora 30, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, 19.04, Enterprise Linux 8.0, 8.1, 8.2, 8.4, 8.6
Patches
Vulnerability Details (3)
Vendor Advisories (7)
Microsoft, 2019-06-11
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb-
Red Hat, 2019-05-23
glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress
Community (4)
Bugzilla, 2019-06-11
CVE-2019-12450 mingw-glib2: glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress [epel-7]
Bugzilla, 2019-06-11
CVE-2019-12450 glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress
Bugzilla, 2019-06-11
CVE-2019-12450 mingw-glib2: glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress [fedora-all]
Bugzilla, 2019-06-11
CVE-2019-12450 glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress [fedora-all]