CVE-2024-36472

Improper Neutralization of Script in Attributes in a Web Page (CWE-83)

Published: May 28, 2024 / Updated: 5mo ago

CVSS 6.5 / Medium / No EPSS yet

Summary

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior.

Impact

This vulnerability could allow an attacker who controls the local network to automatically launch untrusted code on affected GNOME Shell versions up to 45.7. Depending on the malicious code, this could lead to resource consumption issues like denial of service, data theft, or potentially arbitrary code execution on the victim's system. The vulnerability has a CVSS v3 base score of 7.3, indicating a moderate to high severity. It requires no user interaction and can be exploited over the network with low attack complexity, potentially affecting confidentiality, integrity, and availability of the system.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

Yes, patches are available from Red Hat and other distribution vendors to address this issue in GNOME Shell 45.7 and earlier versions. A patch was added on 2024-05-29, as indicated in the vulnerability data.

Mitigation

Apply the latest GNOME Shell updates from your distribution vendor that address this vulnerability. Review network security controls and restrict untrusted network access where possible. Consider additional endpoint protection and monitoring for signs of exploitation. Given the moderate to high severity and the availability of patches, prioritize updating GNOME Shell to versions newer than 45.7 in your environment, especially on systems that may connect to untrusted networks.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-36472

May 28, 2024 at 4:15 PM

First Article

Feedly found the first article mentioning CVE-2024-36472.

May 28, 2024 at 4:24 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

May 28, 2024 at 4:24 PM

CVSS Estimate

Feedly estimated the CVSS score as HIGH

May 28, 2024 at 4:56 PM

Vendor Advisory

RedHat CVE advisory released a security advisory (CVE-2024-36472).

May 29, 2024 at 8:56 AM

CVSS

A CVSS base score of 7.3 has been assigned.

May 29, 2024 at 8:56 AM / redhat-cve-advisories

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (198233)

Jun 1, 2024 at 1:17 AM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (756720)

Jul 23, 2024 at 1:15 AM

Vendor Advisory

RedHat released a security advisory (RHSA-2024:9114).

Nov 12, 2024 at 8:00 AM

Affected Systems

Gnome/shell

Patches

bugzilla.redhat.com

Links to MITRE ATT&CK

T1134: Access Token Manipulation

Attack Patterns

CAPEC-243: XSS Targeting HTML Attributes

Vendor Advisory

CVE-2024-36472
Red Hat Enterprise Linux 8 - gnome-shell - Affected
Red Hat Enterprise Linux 7 - gnome-shell - Out of support scope

News

[ALSA-2024:9114] Moderate: gnome-shell and gnome-shell-extensions security update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. It provides core interface functions like switching windows, launching applications, and notifications.
Red Hat Enterprise Linux 9 update for gnome-shell
The vulnerability allows a remote attacker to bypass implemented security restrictions. This security bulletin contains one medium risk vulnerability.
RHSA-2024:9915: Moderate: gnome-shell security update
An update for gnome-shell is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Security: Execution of arbitrary commands in gnome-shell and gnome-shell-extensions (Red Hat)
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. For detailed information on changes in this release, see the Red Hat Enterprise
RHEL 9 : gnome-shell and gnome-shell-extensions (RHSA-2024:9114)
Nessus Plugin ID 210803 with High Severity Synopsis The remote Red Hat host is missing a security update for gnome-shell / gnome-shell-extensions. Description The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9114 advisory. GNOME Shell acts as a compositing manager for the desktop, and displays both application windows and other objects. It provides core interface functions like switching windows, launching applications, and notifications. It takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts. Security Fix(es): * gnome-shell: code execution in portal helper (CVE-2024-36472) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.

CVSS V3.1

Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
