{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5616", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2023-10-17T15:39:21.769Z", "datePublished": "2025-04-15T18:29:54.565Z", "dateUpdated": "2025-04-15T20:51:31.399Z"}, "containers": {"cna": {"affected": [{"packageName": "Ubuntu's gnome-control-center", "product": "Ubuntu's gnome-control-center", "vendor": "Canonical Ltd.", "repo": "https://git.launchpad.net/ubuntu/+source/gnome-remote-desktop", "platforms": ["Linux"], "versions": [{"version": "1:45", "lessThan": "1:45.0-1ubuntu3.1", "status": "affected", "versionType": "deb"}, {"version": "1:44", "lessThan": "1:44.0-1ubuntu6.1", "status": "affected", "versionType": "deb"}, {"version": "1:41", "lessThan": "1:41.7-0ubuntu0.22.04.8", "status": "affected", "versionType": "deb"}, {"version": "1:3", "lessThan": "1:3.36.5-0ubuntu4.1", "status": "affected", "versionType": "deb"}]}], "descriptions": [{"lang": "en", "value": "In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user."}], "references": [{"tags": ["issue-tracking"], "url": "https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577"}, {"tags": ["vendor-advisory"], "url": "https://ubuntu.com/security/notices/USN-6554-1"}, {"tags": ["issue-tracking"], "url": "https://ubuntu.com/security/CVE-2023-5616"}], "credits": [{"lang": "en", "type": "finder", "value": "Zygmunt Krynicki"}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-04-15T18:29:54.565Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-290", "lang": "en", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T20:51:27.350779Z", "id": "CVE-2023-5616", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T20:51:31.399Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-5616", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-15T20:51:27.350779Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T20:38:02.459Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Zygmunt Krynicki"}], "affected": [{"repo": "https://git.launchpad.net/ubuntu/+source/gnome-remote-desktop", "vendor": "Canonical Ltd.", "product": "Ubuntu's gnome-control-center", "versions": [{"status": "affected", "version": "1:45", "lessThan": "1:45.0-1ubuntu3.1", "versionType": "deb"}, {"status": "affected", "version": "1:44", "lessThan": "1:44.0-1ubuntu6.1", "versionType": "deb"}, {"status": "affected", "version": "1:41", "lessThan": "1:41.7-0ubuntu0.22.04.8", "versionType": "deb"}, {"status": "affected", "version": "1:3", "lessThan": "1:3.36.5-0ubuntu4.1", "versionType": "deb"}], "platforms": ["Linux"], "packageName": "Ubuntu's gnome-control-center"}], "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577", "tags": ["issue-tracking"]}, {"url": "https://ubuntu.com/security/notices/USN-6554-1", "tags": ["vendor-advisory"]}, {"url": "https://ubuntu.com/security/CVE-2023-5616", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-04-15T18:29:54.565Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5616", "state": "PUBLISHED", "dateUpdated": "2025-04-15T20:51:31.399Z", "dateReserved": "2023-10-17T15:39:21.769Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2025-04-15T18:29:54.565Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:control_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "D445DCBB-103C-4744-9DE2-1FF15664C377", "versionEndExcluding": "1.3.36.5-0ubuntu4.1", "versionStartIncluding": "1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:control_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "D403A617-1667-4411-8FF5-C1CEA3F642A1", "versionEndExcluding": "1.41.7-0ubuntu0.22.04.8", "versionStartIncluding": "1.41", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:control_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BDC6FC6-2448-47F8-BD6E-B38E298B59DB", "versionEndExcluding": "1.44.0-1ubuntu6.1", "versionStartIncluding": "1.44", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:control_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED923FAF-6322-412B-B9C0-230E9B1A9A21", "versionEndExcluding": "1.45.0-1ubuntu3.1", "versionStartIncluding": "1.45", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*", "matchCriteriaId": "B2E702D7-F8C0-49BF-9FFB-883017076E98", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.10:*:*:*:*:*:*:*", "matchCriteriaId": "602CE21C-E1A9-4407-A504-CF4E58F596F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user."}, {"lang": "es", "value": "En Ubuntu, gnome-control-center no reflejaba correctamente el estado de inicio de sesi\u00f3n remoto SSH cuando el sistema estaba configurado para usar la activaci\u00f3n del socket systemd para openssh-server. Esto pod\u00eda dejar, sin que el usuario lo supiera, la m\u00e1quina local expuesta al acceso remoto SSH, contrariamente a lo esperado."}], "id": "CVE-2023-5616", "lastModified": "2025-08-26T16:34:27.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-15T19:16:06.647", "references": [{"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "https://ubuntu.com/security/CVE-2023-5616"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "https://ubuntu.com/security/notices/USN-6554-1"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "gnome-control-center: Remote login misconfiguration in GNOME Control Center", "id": "2359838", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359838"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-290", "details": ["In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.", "A flaw was found in the GNOME Control Center. This vulnerability allows the SSH service to be improperly enabled without properly managing systemd units, which could unintentionally expose remote login access through insecure service activation management."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-5616", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "gnome-control-center", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gnome-control-center", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "gnome-control-center", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-15T18:29:54Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5616\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5616\nhttps://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577\nhttps://ubuntu.com/security/CVE-2023-5616\nhttps://ubuntu.com/security/notices/USN-6554-1"], "threat_severity": "Moderate"}

{}