An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
History

Fri, 15 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-290
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 5.2, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L'}


Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::crb

Tue, 01 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:service_interconnect:1::el9

Thu, 26 Sep 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat service Interconnect
CPEs cpe:/a:redhat:service_interconnect:1.4::el9
Vendors & Products Redhat service Interconnect

Mon, 09 Sep 2024 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-07T00:00:00

Updated: 2024-11-15T17:14:35.675Z

Reserved: 2024-05-02T00:00:00

Link: CVE-2024-34397

cve-icon Vulnrichment

Updated: 2024-08-02T02:51:11.424Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-07T18:15:08.350

Modified: 2024-11-21T09:18:34.830

Link: CVE-2024-34397

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-07T00:00:00Z

Links: CVE-2024-34397 - Bugzilla