vulnerability

Red Hat: CVE-2019-3827: CVE-2019-3827 gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (Multiple Advisories)

Name: Red Hat: CVE-2019-3827: CVE-2019-3827 gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (Multiple Advisories)
Creator: Red Hat
Published: 2019-03-25T00:00:00.000Z

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:N)

Published

Mar 25, 2019

Added

Jun 19, 2019

Modified

Mar 27, 2026

Description

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

Solutions

redhat-upgrade-gvfsredhat-upgrade-gvfs-afcredhat-upgrade-gvfs-afc-debuginforedhat-upgrade-gvfs-afpredhat-upgrade-gvfs-afp-debuginforedhat-upgrade-gvfs-archiveredhat-upgrade-gvfs-archive-debuginforedhat-upgrade-gvfs-clientredhat-upgrade-gvfs-client-debuginforedhat-upgrade-gvfs-debuginforedhat-upgrade-gvfs-debugsourceredhat-upgrade-gvfs-develredhat-upgrade-gvfs-fuseredhat-upgrade-gvfs-fuse-debuginforedhat-upgrade-gvfs-goaredhat-upgrade-gvfs-goa-debuginforedhat-upgrade-gvfs-gphoto2redhat-upgrade-gvfs-gphoto2-debuginforedhat-upgrade-gvfs-mtpredhat-upgrade-gvfs-mtp-debuginforedhat-upgrade-gvfs-smbredhat-upgrade-gvfs-smb-debuginforedhat-upgrade-gvfs-tests

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report