CVE-2019-14822 — Missing Authorization in Project Ibus
Severity
7.1 HIGH (NVD)
EPSS
0.2%
top 62.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 25
Latest update: May 24
Description
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.8 | Impact: 5.2
Affected Packages: 4 packages
Also affects: Ubuntu Linux 16.04, 18.04, 19.10, Enterprise Linux 7.0, 8.0
Patches
Vulnerability Details
GHSA-6vhv-qmhp-gxj3: A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfigura (2022-05-24)