{"containers": {"cna": {"affected": [{"product": "gdm", "vendor": "The Gnome Projectr", "versions": [{"status": "affected", "version": "3.31.4"}]}], "datePublic": "2019-02-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-02-21T10:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-3892-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3892-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3825", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "gdm", "version": {"version_data": [{"version_value": "3.31.4"}]}}]}, "vendor_name": "The Gnome Projectr"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session."}]}, "impact": {"cvss": [[{"vectorString": "6.3/CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287"}]}]}, "references": {"reference_data": [{"name": "USN-3892-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3892-1/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:18.680Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3892-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3892-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3825", "datePublished": "2019-02-06T20:00:00.000Z", "dateReserved": "2019-01-03T00:00:00.000Z", "dateUpdated": "2024-08-04T19:19:18.680Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "91D07F22-A0D8-41BE-BE1A-A5A81E8306AA", "versionEndExcluding": "3.31.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en gdm en versiones anteriores a la 3.31.4. Cuando el inicio de sesi\u00f3n temporal est\u00e1 habilitado en la configuraci\u00f3n, un atacante podr\u00eda omitir la pantalla de bloqueo, seleccionando el usuario de inicio de sesi\u00f3n temporal y esperando a que se agote el tiempo. En ese momento, obtendr\u00eda acceso a la sesi\u00f3n del usuario que ha iniciado sesi\u00f3n."}], "id": "CVE-2019-3825", "lastModified": "2024-11-21T04:42:37.413", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.4, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-06T20:29:00.447", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3892-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3892-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the GNOME Project for reporting this issue. Upstream acknowledges Burghard Britzke as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "accountsservice-0:0.6.50-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "appstream-data-0:8-20191129.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "baobab-0:3.28.0-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "clutter-0:1.26.2-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "evince-0:3.28.4-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gdm-1:3.28.3-29.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gjs-0:1.56.2-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-boxes-0:3.28.5-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-control-center-0:3.28.2-19.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-menus-0:3.13.3-11.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-online-accounts-0:3.28.2-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-remote-desktop-0:0.1.6-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-session-0:3.28.1-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-settings-daemon-0:3.32.0-9.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-shell-0:3.32.2-14.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-software-0:3.30.6-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-terminal-0:3.28.3-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnome-tweaks-0:3.28.1-7.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gsettings-desktop-schemas-0:3.32.0-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gtk3-0:3.22.30-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gvfs-0:1.36.2-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "LibRaw-0:0.19.5-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libvncserver-0:0.9.11-14.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libxslt-0:1.1.32-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mozjs52-0:52.9.0-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mozjs60-0:60.9.0-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mutter-0:3.32.2-34.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nautilus-0:3.28.1-12.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "vala-0:0.40.19-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "vinagre-0:3.22.0-21.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "accountsservice-0:0.6.50-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "appstream-data-0:8-20191129.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "baobab-0:3.28.0-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "clutter-0:1.26.2-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "evince-0:3.28.4-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gdm-1:3.28.3-29.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gjs-0:1.56.2-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-boxes-0:3.28.5-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-control-center-0:3.28.2-19.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-menus-0:3.13.3-11.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-online-accounts-0:3.28.2-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-remote-desktop-0:0.1.6-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-session-0:3.28.1-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-settings-daemon-0:3.32.0-9.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-shell-0:3.32.2-14.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-software-0:3.30.6-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-terminal-0:3.28.3-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnome-tweaks-0:3.28.1-7.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gsettings-desktop-schemas-0:3.32.0-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gtk3-0:3.22.30-5.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gvfs-0:1.36.2-8.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "LibRaw-0:0.19.5-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libvncserver-0:0.9.11-14.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libxslt-0:1.1.32-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "mozjs52-0:52.9.0-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "mozjs60-0:60.9.0-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "mutter-0:3.32.2-34.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "nautilus-0:3.28.1-12.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "vala-0:0.40.19-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "vinagre-0:3.22.0-21.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}], "bugzilla": {"description": "gdm: lock screen bypass when timed login is enabled", "id": "1672825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672825"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-287", "details": ["A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.", "A vulnerability was discovered in gdm when timed login is enabled in configuration. An attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire at which time they would gain access to the logged-in user's session."], "mitigation": {"lang": "en:us", "value": "Ensure timed login is not enabled in gdm configuration, by checking the output of:\n~~~\ngrep TimedLogin /etc/gdm/custom.conf\n~~~"}, "name": "CVE-2019-3825", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "gdm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "gdm", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2019-02-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-3825\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3825\nhttps://gitlab.gnome.org/GNOME/gdm/issues/460\nhttps://gitlab.gnome.org/GNOME/gdm/merge_requests/58"], "threat_severity": "Moderate"}

{}