Vulnerability Description
A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2024-5148
- https://bugzilla.redhat.com/show_bug.cgi?id=2282003
- https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196
FAQ
What is CVE-2024-5148?
CVE-2024-5148 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client conn...
How severe is CVE-2024-5148?
CVE-2024-5148 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-5148?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.