CVE-2024-5148
HIGHDescription
A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-5148? +
How severe is CVE-2024-5148? +
How do I check if I'm vulnerable to CVE-2024-5148? +
Related Vulnerabilities
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used …
Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by …
In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the …
A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field …
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could …
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached …