{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-11T19:16:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/USBGuard/usbguard/issues/273"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/USBGuard/usbguard/issues/403"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/USBGuard/usbguard/pull/531"}, {"name": "FEDORA-2022-0b97f87195", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2ET6DU4IA64M6TMQ4X3SG2L6TRPLDN6/"}, {"name": "FEDORA-2022-668038c1da", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3HQVTHHJFQLSWSXA7W3ZHRF72YMPI46/"}, {"name": "FEDORA-2022-1f97de95ba", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4QO5J5YEWVX27QXYOGL3BDRV3KXNRQI/"}, {"name": "[debian-lts-announce] 20220411 [SECURITY] [DLA 2979-1] usbguard security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00010.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25058", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/USBGuard/usbguard/issues/273", "refsource": "MISC", "url": "https://github.com/USBGuard/usbguard/issues/273"}, {"name": "https://github.com/USBGuard/usbguard/issues/403", "refsource": "MISC", "url": "https://github.com/USBGuard/usbguard/issues/403"}, {"name": "https://github.com/USBGuard/usbguard/pull/531", "refsource": "MISC", "url": "https://github.com/USBGuard/usbguard/pull/531"}, {"name": "FEDORA-2022-0b97f87195", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2ET6DU4IA64M6TMQ4X3SG2L6TRPLDN6/"}, {"name": "FEDORA-2022-668038c1da", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3HQVTHHJFQLSWSXA7W3ZHRF72YMPI46/"}, {"name": "FEDORA-2022-1f97de95ba", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4QO5J5YEWVX27QXYOGL3BDRV3KXNRQI/"}, {"name": "[debian-lts-announce] 20220411 [SECURITY] [DLA 2979-1] usbguard security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00010.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:00:19.191Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/USBGuard/usbguard/issues/273"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/USBGuard/usbguard/issues/403"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/USBGuard/usbguard/pull/531"}, {"name": "FEDORA-2022-0b97f87195", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2ET6DU4IA64M6TMQ4X3SG2L6TRPLDN6/"}, {"name": "FEDORA-2022-668038c1da", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3HQVTHHJFQLSWSXA7W3ZHRF72YMPI46/"}, {"name": "FEDORA-2022-1f97de95ba", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4QO5J5YEWVX27QXYOGL3BDRV3KXNRQI/"}, {"name": "[debian-lts-announce] 20220411 [SECURITY] [DLA 2979-1] usbguard security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00010.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25058", "datePublished": "2022-02-24T01:53:33", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2024-08-05T03:00:19.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:usbguard_project:usbguard:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D7EAA37-523F-452D-8E2C-A749E045591F", "versionEndExcluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future."}, {"lang": "es", "value": "Se ha detectado un problema en USBGuard versiones anteriores a 1.1.0. En sistemas con el demonio usbguard-dbus en ejecuci\u00f3n, un usuario no privilegiado pod\u00eda hacer que USBGuard permitiera la conexi\u00f3n de todos los dispositivos USB en el futuro"}], "id": "CVE-2019-25058", "lastModified": "2023-11-07T03:09:15.960", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-24T15:15:21.220", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/USBGuard/usbguard/issues/273"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/USBGuard/usbguard/issues/403"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/USBGuard/usbguard/pull/531"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00010.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2ET6DU4IA64M6TMQ4X3SG2L6TRPLDN6/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3HQVTHHJFQLSWSXA7W3ZHRF72YMPI46/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4QO5J5YEWVX27QXYOGL3BDRV3KXNRQI/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0087", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "usbguard-0:1.0.0-8.el8_7.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-01-12T00:00:00Z"}, {"advisory": "RHSA-2022:8679", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "usbguard-0:1.0.0-2.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-11-29T00:00:00Z"}, {"advisory": "RHSA-2022:8806", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "usbguard-0:1.0.0-8.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2022-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:0303", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "usbguard-0:1.0.0-10.el9_1.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-01-23T00:00:00Z"}, {"advisory": "RHSA-2022:8971", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "usbguard-0:1.0.0-10.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-12-13T00:00:00Z"}], "bugzilla": {"description": "usbguard: Fix unauthorized access via D-Bus", "id": "2058465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058465"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-863->CWE-1220", "details": ["An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.", "A flaw was found in usbguard. The vulnerability occurs due to the No default access control list(ACL) on some D-Bus methods and leads to unauthorized access. This flaw allows an attacker to access and escape policy configuration."], "name": "CVE-2019-25058", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "usbguard", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-02-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-25058\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25058"], "threat_severity": "Moderate", "upstream_fix": "USBGuard 1.1.0"}