CVE-2023-5616

CWE-290 | 7 documents | 7 sources

Severity: 4.9 MEDIUM
EPSS: 0.0% (top 88.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 15

Description

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could leave the local machine exposed to remote SSH access without the user's knowledge, contrary to the user's expectation.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.4 | Impact: 3.4

Affected Packages (2 packages)

CVEListV5 | canonical_ltd./ubuntu's_gnome-control-center | 1:45 | 1:45.0-1ubuntu3.1 | +3
NVD | gnome/control_center | 1.3 | 1.3.36.5-0ubuntu4.1 | +3

Also affects: Ubuntu Linux 20.04, 22.04, 23.04, 23.10

🔴 Vulnerability Details (3)

OSV | CVE-2023-5616: In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for o | 2025-04-15
GHSA | GHSA-78gq-q74g-w632: In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for o | 2025-04-15
CVEList | CVE-2023-5616: In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for o | 2025-04-15

📋 Vendor Advisories (3)

Red Hat | gnome-control-center: Remote login misconfiguration in GNOME Control Center | 2025-04-15
Ubuntu | GNOME Settings vulnerability | 2023-12-13
Debian | CVE-2023-5616: gnome-control-center - In Ubuntu, gnome-control-center did not properly reflect SSH remote login status... | 2023
CVE-2023-5616 (MEDIUM CVSS 4.9) | In Ubuntu | cvebase.io