A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Sat, 05 Jul 2025 05:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Tue, 03 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Sep 2024 11:15:00 +0000

Type Values Removed Values Added
Title gnome-remote-desktop: inadequate validation of session agents using D-Bus methods may expose RDP TLS certificate Gnome-remote-desktop: inadequate validation of session agents using d-bus methods may expose rdp tls certificate
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T17:41:56.311Z

Reserved: 2024-05-20T18:16:45.718Z

Link: CVE-2024-5148

cve-icon Vulnrichment

Updated: 2024-09-03T15:27:36.357Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-02T12:15:19.910

Modified: 2024-09-03T12:59:02.453

Link: CVE-2024-5148

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2024-5148 - Bugzilla

cve-icon OpenCVE Enrichment

No data.