CVE-2024-36472 : In GNOME Shell through 45.7, a portal helper can be launched automatically (with

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

Published 2024-05-28 16:15:17

Updated 2024-11-19 22:35:09

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2024-36472

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-36472

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-36472

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-11-19
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2024-36472

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2024-36472

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688

Portal helper should require user input before loading remote content (#7688) · Issues · GNOME / gnome-shell · GitLab

Jump to

Vulnerability Details : CVE-2024-36472

Products affected by CVE-2024-36472

Exploit prediction scoring system (EPSS) score for CVE-2024-36472

CVSS scores for CVE-2024-36472

CWE ids for CVE-2024-36472

References for CVE-2024-36472